Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-16 | CVE-2022-27512 | Use After Free vulnerability in Citrix Application Delivery Management Temporary disruption of the ADM license service. | 5.0 |
| 2022-05-26 | CVE-2022-21827 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/12.158.15/13.061.48 An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. | 6.6 |
| 2022-04-19 | CVE-2021-44519 | Path Traversal vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | 8.8 |
| 2022-04-13 | CVE-2022-27503 | Cross-site Scripting vulnerability in Citrix Storefront Server Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | 2.6 |
| 2022-04-13 | CVE-2022-27505 | Cross-site Scripting vulnerability in Citrix products Reflected cross site scripting (XSS) | 4.3 |
| 2022-04-13 | CVE-2022-27506 | Use of Hard-coded Credentials vulnerability in Citrix products Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | 6.8 |
| 2022-04-13 | CVE-2021-44520 | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | 9.0 |
| 2022-04-13 | CVE-2022-26151 | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | 7.2 |
| 2022-03-10 | CVE-2022-26355 | Exposure of Resource to Wrong Sphere vulnerability in Citrix Federated Authentication Service Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). | 1.9 |
| 2022-02-09 | CVE-2022-21825 | Unspecified vulnerability in Citrix Workspace An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. | 7.8 |