Vulnerabilities > Citrix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-24485 | Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1 Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 |
| 2023-01-26 | CVE-2022-27508 | Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway Unauthenticated denial of service | 7.5 |
| 2022-06-16 | CVE-2022-27511 | Unspecified vulnerability in Citrix Application Delivery Management Corruption of the system by a remote, unauthenticated user. | 8.1 |
| 2022-04-19 | CVE-2021-44519 | Path Traversal vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | 8.8 |
| 2022-04-13 | CVE-2022-26151 | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | 7.2 |
| 2022-02-09 | CVE-2022-21825 | Unspecified vulnerability in Citrix Workspace An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. | 7.8 |
| 2021-08-05 | CVE-2021-22928 | Unspecified vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. | 7.2 |
| 2021-05-27 | CVE-2021-22891 | Missing Authorization vulnerability in Citrix Sharefile Storagezones Controller A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller. | 7.5 |
| 2021-05-27 | CVE-2021-22907 | Unspecified vulnerability in Citrix Workspace An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | 7.2 |
| 2020-12-14 | CVE-2020-8257 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 7.5 |