10.6

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-18	CVE-2020-8253	Improper Authentication vulnerability in Citrix Xenmobile Server Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. network low complexity citrix CWE-287	5.0
2020-08-17	CVE-2020-8212	Incorrect Authorization vulnerability in Citrix Xenmobile Server Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. network low complexity citrix CWE-863	7.5
2020-08-17	CVE-2020-8211	SQL Injection vulnerability in Citrix Xenmobile Server Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection. network low complexity citrix CWE-89	7.5
2020-08-17	CVE-2020-8210	Insufficiently Protected Credentials vulnerability in Citrix Xenmobile Server Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. network low complexity citrix CWE-522	5.0
2020-08-17	CVE-2020-8209	Path Traversal vulnerability in Citrix Xenmobile Server Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. network low complexity citrix CWE-22	5.0
2020-08-17	CVE-2020-8208	Cross-site Scripting vulnerability in Citrix Xenmobile Server Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). network citrix CWE-79	4.3
2018-10-24	CVE-2018-18014	Improper Authentication vulnerability in Citrix Xenmobile Server * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. local low complexity citrix CWE-287	7.8
2018-10-24	CVE-2018-18013	Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. local low complexity citrix CWE-502	7.8