Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-24488 | Cross-site Scripting vulnerability in Citrix Application Delivery Controller and Gateway Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting | 6.1 |
| 2023-02-16 | CVE-2023-24483 | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 |
| 2023-02-16 | CVE-2023-24484 | Unspecified vulnerability in Citrix Workspace 1912/2105/2203.1 A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 |
| 2023-02-16 | CVE-2023-24485 | Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1 Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 |
| 2023-01-26 | CVE-2022-27507 | Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway Authenticated denial of service | 6.5 |
| 2023-01-26 | CVE-2022-27508 | Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway Unauthenticated denial of service | 7.5 |
| 2022-12-26 | CVE-2019-18177 | Unspecified vulnerability in Citrix Application Delivery Controller Firmware and Gateway In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. | 6.5 |
| 2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products Unauthenticated remote arbitrary code execution | 9.8 |
| 2022-11-08 | CVE-2022-27510 | Improper Authentication vulnerability in Citrix Application Delivery Controller Firmware and Gateway Unauthorized access to Gateway user capabilities | 9.8 |
| 2022-11-08 | CVE-2022-27513 | Insufficient Verification of Data Authenticity vulnerability in Citrix Application Delivery Controller Firmware and Gateway Remote desktop takeover via phishing | 9.6 |