Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-16 | CVE-2020-8299 | Resource Exhaustion vulnerability in Citrix products Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. | 6.5 |
| 2021-06-16 | CVE-2020-8300 | Unspecified vulnerability in Citrix products Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. | 6.5 |
| 2021-06-16 | CVE-2021-22914 | Insecure Storage of Sensitive Information vulnerability in Citrix Cloud Connector Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. | 7.5 |
| 2021-05-27 | CVE-2021-22891 | Missing Authorization vulnerability in Citrix Sharefile Storagezones Controller A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller. | 9.8 |
| 2021-05-27 | CVE-2021-22907 | Unspecified vulnerability in Citrix Workspace An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | 7.8 |
| 2021-01-06 | CVE-2020-8275 | Improper Privilege Management vulnerability in Citrix Secure Mail Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. | 4.3 |
| 2021-01-06 | CVE-2020-8274 | Code Injection vulnerability in Citrix Secure Mail Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. | 6.5 |
| 2020-12-14 | CVE-2020-8283 | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 8.8 |
| 2020-12-14 | CVE-2020-8258 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/13.061.48 Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | 7.5 |
| 2020-12-14 | CVE-2020-8257 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/12.158.15/13.061.48 Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 9.8 |