Vulnerabilities > Citrix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-22928 | Unspecified vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. | 7.2 |
| 2021-05-27 | CVE-2021-22891 | Missing Authorization vulnerability in Citrix Sharefile Storagezones Controller A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller. | 7.5 |
| 2021-05-27 | CVE-2021-22907 | Unspecified vulnerability in Citrix Workspace An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | 7.2 |
| 2020-12-14 | CVE-2020-8257 | Improper Privilege Management vulnerability in Citrix Gateway Plug-In Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 7.5 |
| 2020-08-17 | CVE-2020-8212 | Incorrect Authorization vulnerability in Citrix Xenmobile Server Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | 7.5 |
| 2020-08-17 | CVE-2020-8211 | SQL Injection vulnerability in Citrix Xenmobile Server Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection. | 7.5 |
| 2020-06-08 | CVE-2020-13885 | Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002 Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | 7.2 |
| 2020-06-08 | CVE-2020-13884 | Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002 Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | 7.2 |
| 2020-03-06 | CVE-2020-10111 | HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. | 7.5 |
| 2019-10-21 | CVE-2019-18225 | Unspecified vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. | 7.5 |