Vulnerabilities > Citrix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-7473 | Path Traversal vulnerability in Citrix Sharefile Storagezones Controller In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. | 7.5 |
| 2020-03-06 | CVE-2020-10111 | HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. | 7.5 |
| 2020-01-23 | CVE-2012-4606 | Improper Privilege Management vulnerability in Citrix Xenserver Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | 7.8 |
| 2020-01-10 | CVE-2012-4603 | Improper Input Validation vulnerability in Citrix Receiver and Xenapp Online Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | 7.8 |
| 2020-01-02 | CVE-2013-3620 | Insufficiently Protected Credentials vulnerability in multiple products Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | 7.5 |
| 2020-01-02 | CVE-2013-3619 | Use of Hard-coded Credentials vulnerability in multiple products Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 8.1 |
| 2019-10-09 | CVE-2019-17366 | Unspecified vulnerability in Citrix Application Delivery Management 12.1/13.0 Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | 8.8 |
| 2019-08-29 | CVE-2019-13608 | XXE vulnerability in Citrix Storefront Server Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | 7.5 |
| 2019-07-16 | CVE-2019-12992 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | 8.8 |
| 2019-07-16 | CVE-2019-12991 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | 8.8 |