Vulnerabilities > Citrix > Xenmobile Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-24 | CVE-2018-18014 | Improper Authentication vulnerability in Citrix Xenmobile Server * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. | 7.8 |
| 2018-10-24 | CVE-2018-18013 | Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. | 7.8 |
| 2018-05-23 | CVE-2018-10654 | Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server 10.7/10.8 There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 6.8 |
| 2018-05-23 | CVE-2018-10653 | XXE vulnerability in Citrix Xenmobile Server 10.7/10.8 There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 7.5 |
| 2018-05-23 | CVE-2018-10652 | Information Exposure vulnerability in Citrix Xenmobile Server 10.7 There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | 5.0 |
| 2018-05-23 | CVE-2018-10651 | Open Redirect vulnerability in Citrix Xenmobile Server 10.7/10.8 There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 5.8 |
| 2018-05-23 | CVE-2018-10650 | Untrusted Search Path vulnerability in Citrix Xenmobile Server 10.7/10.8 There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 6.8 |
| 2018-05-23 | CVE-2018-10649 | Cross-site Scripting vulnerability in Citrix Xenmobile Server 10.7 There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | 4.3 |
| 2018-05-23 | CVE-2018-10648 | Unrestricted Upload of File with Dangerous Type vulnerability in Citrix Xenmobile Server 10.7/10.8 There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 7.5 |
| 2017-06-16 | CVE-2017-9231 | XXE vulnerability in Citrix Xenmobile Server XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |