Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-16 | CVE-2021-22914 | Insecure Storage of Sensitive Information vulnerability in Citrix Cloud Connector Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. | 5.0 |
| 2021-05-27 | CVE-2021-22891 | Missing Authorization vulnerability in Citrix Sharefile Storagezones Controller A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller. | 7.5 |
| 2021-05-27 | CVE-2021-22907 | Unspecified vulnerability in Citrix Workspace An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | 7.2 |
| 2021-01-06 | CVE-2020-8275 | Improper Privilege Management vulnerability in Citrix Secure Mail Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. | 4.3 |
| 2021-01-06 | CVE-2020-8274 | Code Injection vulnerability in Citrix Secure Mail Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. | 4.3 |
| 2020-12-14 | CVE-2020-8283 | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 9.0 |
| 2020-12-14 | CVE-2020-8258 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | 5.0 |
| 2020-12-14 | CVE-2020-8257 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 7.5 |
| 2020-11-16 | CVE-2020-8273 | OS Command Injection vulnerability in Citrix Sd-Wan Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. | 9.0 |
| 2020-11-16 | CVE-2020-8272 | Improper Authentication vulnerability in Citrix Sd-Wan Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 5.0 |