{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-59.22",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 14.1-47.48",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-59.22",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC 12.1-FIPS et 12.1-NDcPP versions ant\u00e9rieures \u00e0 12.1-55.330",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 14.1-47.48",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC 13.1-FIPS et 13.1-NDcPP versions ant\u00e9rieures \u00e0 13.1-37.241",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Citrix rappelle que les versions 12.1 and 13.0 de NetScaler ADC et NetScaler Gateway sont obsol\u00e8tes et ne recevront plus de mises \u00e0 jour de s\u00e9curit\u00e9. L\u0027\u00e9diteur recommande de migrer vers une version maintenue et \u00e0 jour.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7776"
    },
    {
      "name": "CVE-2025-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7775"
    },
    {
      "name": "CVE-2025-8424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8424"
    }
  ],
  "initial_release_date": "2025-08-26T00:00:00",
  "last_revision_date": "2025-08-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0730",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix NetScaler ADC et NetScaler Gateway.  Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nCitrix indique que la vuln\u00e9rabilit\u00e9 CVE-2025-7775 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": "2025-08-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694938",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938\u0026articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler SDX (SVM) versions 13.1.x ant\u00e9rieures \u00e0 13.1.58.32",
      "product": {
        "name": "NetScaler SDX",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Console versions 14.1.x ant\u00e9rieures \u00e0 14.1.47.46",
      "product": {
        "name": "NetScaler Console",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler SDX (SVM) versions 14.1.x ant\u00e9rieures \u00e0 14.1.47.46",
      "product": {
        "name": "NetScaler SDX",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Console versions 13.1.x ant\u00e9rieures \u00e0 13.1.58.32",
      "product": {
        "name": "NetScaler Console",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS et NDcPP  versions ant\u00e9rieures \u00e0 13.1-37.236-FIPS et NDcPP",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"
    },
    {
      "name": "CVE-2025-4365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4365"
    }
  ],
  "initial_release_date": "2025-06-26T00:00:00",
  "last_revision_date": "2025-06-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0540",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nCitrix indique que la vuln\u00e9rabilit\u00e9 CVE-2025-6543 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694788",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\u0026articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_6543"
    },
    {
      "published_at": "2025-06-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694729",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729\u0026articleURL=NetScaler_Console_and_NetScaler_SDX_SVM_Security_Bulletin_for_CVE_2025_4365"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU2 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-FIPS et 13.1-NDcPP 13.1-37.235",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU3 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app versions ant\u00e9rieures \u00e0 2409 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Access Client versions ant\u00e9rieures \u00e0 25.5.1.15 pour Windows",
      "product": {
        "name": "Citrix Secure Access client",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 12.1.x ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.328",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 12.1.x et 13.0.x de Netscaler ADC et Netstacler Gateway sont vuln\u00e9rables et ne sont plus maintenues. Une mise \u00e0 jour vers une version support\u00e9e est n\u00e9cessaire pour la correction des vuln\u00e9rabilit\u00e9s CVE-2025-5349 et CVE-2025-5777.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0320"
    },
    {
      "name": "CVE-2025-5349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5349"
    },
    {
      "name": "CVE-2025-4879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4879"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "initial_release_date": "2025-06-20T00:00:00",
  "last_revision_date": "2025-06-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0528",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2025-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694718",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718\u0026articleURL=Citrix_Workspace_app_for_Windows_Security_Bulletin_CVE_2025_4879"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694724",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724\u0026articleURL=Citrix_Secure_Access_Client_for_Windows_Security_Bulletin_for_CVE_2025_0320"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX693420",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420\u0026artic%5B%E2%80%A6%5Dteway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777="
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler ADC versions12.1-FIPS ant\u00e9rieures \u00e0 12.1-55.321",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-29.72",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-55.34",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2407 avec le correctif de s\u00e9curit\u00e9 24.5.200.8",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-55.34",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS ant\u00e9rieures \u00e0 13.1-37.207",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 12.1-NDcPP ant\u00e9rieures \u00e0 12.1-55.321",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-29.72",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions 2402 LTSR ant\u00e9rieures \u00e0 CU1 hotfix 24.02.1200.16",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions 1912 LTSR ant\u00e9rieures \u00e0 CU9 hotfix 19.12.9100.6",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions 2203 LTSR ant\u00e9rieures \u00e0 CU5 hotfix 22.03.5100.11",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Le CERT-FR a connaissance de codes d\u0027exploitation publics pour les vuln\u00e9rabilit\u00e9s CVE-2024-8068 et CVE-2024-8069.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8535"
    },
    {
      "name": "CVE-2024-8069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8069"
    },
    {
      "name": "CVE-2024-8534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8534"
    },
    {
      "name": "CVE-2024-8068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8068"
    }
  ],
  "initial_release_date": "2024-11-12T00:00:00",
  "last_revision_date": "2024-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0964",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-12T00:00:00.000000"
    },
    {
      "description": "Le CERT-FR a connaissance de codes d\u0027exploitation publics",
      "revision_date": "2024-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX691608",
      "url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX691941",
      "url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC (anciennement appel\u00e9 NetScaler ADC)",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Gateway (anciennement appel\u00e9 NetScaler Gateway)",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP Edition mod\u00e8les 4000-WO, 4100-WO, 5000-WO, et 5100-WO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22955"
    },
    {
      "name": "CVE-2021-22956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22956"
    }
  ],
  "initial_release_date": "2021-11-10T00:00:00",
  "last_revision_date": "2021-11-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix \u00e9 du 09 novembre 2021",
      "url": "https://support.citrix.com/article/CTX330728"
    }
  ],
  "reference": "CERTFR-2021-AVI-856",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix du 09 novembre 2021",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et NetScaler Gateway 11.1 versions ant\u00e9rieures \u00e0 11.1-65.22",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP Edition 11.4.x versions ant\u00e9rieures \u00e0 11.4.0.a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP Edition 11.2.x versions ant\u00e9rieures \u00e0 11.2.3.b",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway 13.0 versions ant\u00e9rieures \u00e0 13.0-82.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-FIPS versions ant\u00e9rieures \u00e0 12.1-55.247",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway 12.1 versions ant\u00e9rieures \u00e0 12.1-62.27",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP Edition 11.3.x versions ant\u00e9rieures \u00e0 11.3.2.a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP Edition 10.2.x versions ant\u00e9rieures \u00e0 10.2.9.b",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22920"
    },
    {
      "name": "CVE-2021-22927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22927"
    },
    {
      "name": "CVE-2021-22919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22919"
    }
  ],
  "initial_release_date": "2021-07-20T00:00:00",
  "last_revision_date": "2021-07-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-547",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX319135 du 19 juillet 2021",
      "url": "https://support.citrix.com/article/CTX319135"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et Citrix Gateway versions 12.1x ant\u00e9rieures \u00e0 12.1-62.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.3.x ant\u00e9rieures \u00e0 11.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.4.x ant\u00e9rieures \u00e0 11.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC versions 12.1-FIPS ant\u00e9rieures \u00e0 12.1-55.238",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.2.x ant\u00e9rieures \u00e0 11.2.3a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.1x ant\u00e9rieures \u00e0 11.1-65.20",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 10.x ant\u00e9rieures \u00e0 10.2.9a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.1.x ant\u00e9rieures \u00e0 11.1.2c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0x ant\u00e9rieures \u00e0 13.0-82.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8299"
    },
    {
      "name": "CVE-2021-22914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22914"
    },
    {
      "name": "CVE-2020-8300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8300"
    }
  ],
  "initial_release_date": "2021-06-09T00:00:00",
  "last_revision_date": "2021-06-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-445",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX316690 du 08 juin 2021",
      "url": "https://support.citrix.com/article/CTX316690"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX297155 du 08 juin 2021",
      "url": "https://support.citrix.com/article/CTX297155"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1-57.18",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.x ant\u00e9rieures \u00e0 13.0-58.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.1.x ant\u00e9rieures \u00e0 11.1-64.14",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 10.2.x ant\u00e9rieures \u00e0 10.2.7 sur les mod\u00e8les 4000-WO, 4100-WO, 5000-WO et 5100-WO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.0.x ant\u00e9rieures \u00e0 11.0.3d sur les mod\u00e8les 4000-WO, 4100-WO, 5000-WO et 5100-WO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Gateway Plug-in pour Linux versions ant\u00e9rieures \u00e0 1.0.0.137",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0-63.21",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN WANOP versions 11.1.x ant\u00e9rieures \u00e0 11.1.1a sur les mod\u00e8les 4000-WO, 4100-WO, 5000-WO et 5100-WO",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC et NetScaler Gateway versions 10.5.x ant\u00e9rieures \u00e0 10.5-70.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8199"
    },
    {
      "name": "CVE-2020-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8194"
    },
    {
      "name": "CVE-2020-8193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8193"
    },
    {
      "name": "CVE-2019-18177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18177"
    },
    {
      "name": "CVE-2020-8195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8195"
    },
    {
      "name": "CVE-2020-8198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8198"
    },
    {
      "name": "CVE-2020-8190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8190"
    },
    {
      "name": "CVE-2020-8191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8191"
    },
    {
      "name": "CVE-2020-8197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8197"
    },
    {
      "name": "CVE-2020-8196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8196"
    },
    {
      "name": "CVE-2020-8187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8187"
    }
  ],
  "initial_release_date": "2020-07-08T00:00:00",
  "last_revision_date": "2020-07-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-416",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX276688 du 07 juillet 2020",
      "url": "https://support.citrix.com/article/CTX276688"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix SD-WAN WANOP versions ant\u00e9rieures \u00e0 10.2.6b et 11.0.3b (Citrix ADC v11.1.51.615)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0.63.13",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 10.5.x ant\u00e9rieures \u00e0 10.5.70.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.1.x ant\u00e9rieures \u00e0 11.1.63.15",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0.47.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1.55.18",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\n\u003cs\u003eAucun correctif n\u0027est disponible pour l\u0027instant. Toutefois des\nmesures de contournement sont disponibles ici :\u003c/s\u003e\n\n\u003chttps://support.citrix.com/article/CTX267679\u003e\n",
  "cves": [
    {
      "name": "CVE-2019-19781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19781"
    }
  ],
  "initial_release_date": "2019-12-18T00:00:00",
  "last_revision_date": "2020-01-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-18T00:00:00.000000"
    },
    {
      "description": "Les correctifs pour les versions 12.0.x et 11.1.x sont disponibles.",
      "revision_date": "2020-01-20T00:00:00.000000"
    },
    {
      "description": "Les correctifs sont disponibles.",
      "revision_date": "2020-01-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix Application Delivery\nController et Gateway. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix Application Delivery Controller et Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX267027 du 17 d\u00e9cembre 2019",
      "url": "https://support.citrix.com/article/CTX267027"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 11.1 build 63.9",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 12.1 build 54.16",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 12.0 build 62.10",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 10.5 build 70.8",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 13.0 build 41.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-18225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18225"
    }
  ],
  "initial_release_date": "2019-10-21T00:00:00",
  "last_revision_date": "2019-10-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-521",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-21T00:00:00.000000"
    },
    {
      "description": "Ajout de la r\u00e9f\u00e9rence CVE CVE-2019-18225",
      "revision_date": "2019-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix ADC et Gateway. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix ADC et Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX261055 du 17 octobre 2019",
      "url": "https://support.citrix.com/article/CTX261055"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Workspace versions ant\u00e9rieures \u00e0 1904",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions ant\u00e9rieures \u00e0 11.1.59.10",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0.59.8",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Receiver for Windows versions ant\u00e9rieures \u00e0 LTSR 4.9 CU6 version 4.9.6001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1.49.23",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11634"
    },
    {
      "name": "CVE-2019-12044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12044"
    }
  ],
  "initial_release_date": "2019-05-14T00:00:00",
  "last_revision_date": "2019-05-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-202",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX251986 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX251986"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX249976 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX249976"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et NetScaler Gateway versions 10.5 ant\u00e9rieures \u00e0 10.5 build 69.5",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.1 ant\u00e9rieures \u00e0 11.1 build 60.14",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.0 ant\u00e9rieures \u00e0 11.0 build 72.17",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.0 ant\u00e9rieures \u00e0 12.0 build 60.9",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.1 ant\u00e9rieures \u00e0 12.1 build 50.31",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6485"
    }
  ],
  "initial_release_date": "2019-01-24T00:00:00",
  "last_revision_date": "2019-01-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-033",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix ADC et NetScaler Gateway.\nElle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX240139 du 23 janvier 2019",
      "url": "https://support.citrix.com/article/CTX240139"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 11.1 Build 56.15",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 11.0 Build 71.18",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 10.5 Build 67.10",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions ant\u00e9rieures \u00e0 12.0 Build 57.19",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-6810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6810"
    },
    {
      "name": "CVE-2018-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5314"
    },
    {
      "name": "CVE-2018-6808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6808"
    },
    {
      "name": "CVE-2018-6809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6809"
    },
    {
      "name": "CVE-2018-6811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6811"
    },
    {
      "name": "CVE-2018-6186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6186"
    }
  ],
  "initial_release_date": "2018-03-01T00:00:00",
  "last_revision_date": "2018-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-106",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix NetScaler\nApplication Delivery Controller (ADC) et NetScaler Gateway. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler Application Delivery Controller (ADC) et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX232199 du 28 f\u00e9vrier 2018",
      "url": "https://support.citrix.com/article/CTX232199"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX232161 du 1 mars 2018",
      "url": "https://support.citrix.com/article/CTX232161"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix versions 10.1 ant\u00e9rieures \u00e0 10.1 Build 135.8/135.12",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix versions 10.5 ant\u00e9rieures \u00e0 10.5 Build 65.11",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix versions 11.1 ant\u00e9rieures \u00e0 11.1 Build 52.13",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix versions 11.0 ant\u00e9rieures \u00e0 11.0 Build 70.12",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7219"
    }
  ],
  "initial_release_date": "2017-04-13T00:00:00",
  "last_revision_date": "2017-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-113",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCitrix\nNetScaler Gateway\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX222657 du 12 avril 2017",
      "url": "https://support.citrix.com/article/CTX222657"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Application Delivery Controller versions ant\u00e9rieures \u00e0 9.3-62.4",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 10.1-126.12",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4347"
    },
    {
      "name": "CVE-2014-4346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4346"
    }
  ],
  "initial_release_date": "2014-07-15T00:00:00",
  "last_revision_date": "2014-07-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix du 14 juillet 2014",
      "url": "https://support.citrix.com/article/CTX140863"
    }
  ],
  "reference": "CERTFR-2014-AVI-311",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCitrix NetScaler Application Delivery Controller\u003c/span\u003e\net \u003cspan class=\"textit\"\u003eCitrix NetScaler Gateway\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler Application Delivery Controller et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix du 15 juillet 2014",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-59.22",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 14.1-47.48",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-59.22",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC 12.1-FIPS et 12.1-NDcPP versions ant\u00e9rieures \u00e0 12.1-55.330",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 14.1-47.48",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC 13.1-FIPS et 13.1-NDcPP versions ant\u00e9rieures \u00e0 13.1-37.241",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Citrix rappelle que les versions 12.1 and 13.0 de NetScaler ADC et NetScaler Gateway sont obsol\u00e8tes et ne recevront plus de mises \u00e0 jour de s\u00e9curit\u00e9. L\u0027\u00e9diteur recommande de migrer vers une version maintenue et \u00e0 jour.",
  "closed_at": "2025-09-26",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs d\u00e9lais.",
  "cves": [
    {
      "name": "CVE-2025-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7775"
    }
  ],
  "initial_release_date": "2025-08-26T00:00:00",
  "last_revision_date": "2025-09-26T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0730 du 26 ao\u00fbt 2025 ",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0730/"
    },
    {
      "title": "Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Endiguement",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-002/"
    },
    {
      "title": "Recommendations de Citrix en cas de soup\u00e7ons de compromission",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694799"
    },
    {
      "title": "Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Qualification",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-001/"
    }
  ],
  "reference": "CERTFR-2025-ALE-012",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-26T00:00:00.000000"
    },
    {
      "description": "     Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-09-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 26 ao\u00fbt 2025, Citrix a publi\u00e9 un bulletin de s\u00e9curit\u00e9 (cf. section Documentation) concernant, entre autres, la vuln\u00e9rabilit\u00e9 CVE-2025-7775.\n\nCelle-ci permet une ex\u00e9cution de code arbitraire \u00e0 distance et affecte toutes les versions de Citrix NetScaler ADC et NetScaler Gateway, dans certaines configurations d\u00e9taill\u00e9es par l\u0027\u00e9diteur.\n\nCitrix indique que la vuln\u00e9rabilit\u00e9 CVE-2025-7775 est activement exploit\u00e9e.\n\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": "2025-08-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694938",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS et NDcPP  versions ant\u00e9rieures \u00e0 13.1-37.236-FIPS et NDcPP",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les d\u00e9ploiements de Secure Private Access on-prem et Secure Private Access Hybrid utilisant des instances NetScaler sont \u00e9galement affect\u00e9s par cette vuln\u00e9rabilit\u00e9.",
  "closed_at": "2025-08-18",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\nL\u0027obtention des correctifs 13.1-FIPS et 13.1-NDcPP s\u0027effectue via la page d\u2019assistance de Citrix [1].",
  "cves": [
    {
      "name": "CVE-2025-6543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "initial_release_date": "2025-07-01T00:00:00",
  "last_revision_date": "2025-08-18T00:00:00",
  "links": [
    {
      "title": "[12] \u00c9valuation des journaux NetScaler pour identifier des tentatives d\u0027exploitation",
      "url": "https://www.netscaler.com/blog/news/evaluating-netscaler-logs-for-indicators-of-attempted-exploitation-of-cve-2025-5777/"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 14.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/14-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0528 du 20 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0528/"
    },
    {
      "title": "[4] Comment g\u00e9n\u00e9rer un fichier de support sur ADC",
      "url": "https://support.citrix.com/external/article/472859/how-to-generate-a-support-file-for-adc.html"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 13.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/13-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "[1] Assistance de Citrix",
      "url": "https://support.citrix.com/support-home/home"
    },
    {
      "title": "[7] \u00c0 propos de NetScaler VPX",
      "url": "https://docs.netscaler.com/en-us/vpx/current-release.html"
    },
    {
      "title": "[8] Sauvegarde et restauration des instances NetScaler",
      "url": "https://docs.netscaler.com/en-us/netscaler-application-delivery-management-software/current-release/networks/instance-management/backup-restore-netscaler-instances.html"
    },
    {
      "title": "[6]  Guide effacement des donn\u00e9es de votre NetScaler MPX",
      "url": "https://docs.netscaler.com/en-us/netscaler-hardware-platforms/mpx/wiping-your-data-before-sending-your-adc-appliance-to-netscaler"
    },
    {
      "title": "[2] Lettre d\u2019information de NetScaler : mises \u00e0 jour de s\u00e9curit\u00e9 critique de NetScaler pour les vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777",
      "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0540 du 26 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0540/"
    },
    {
      "title": "[3] Mesures \u00e0 prendre en cas de suspicion de compromission de NetScaler ADC",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694799"
    },
    {
      "title": "[10] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "[5] Comment g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler",
      "url": "https://support.citrix.com/external/article?articleUrl=CTX207598-how-to-generate-nsppe-core-dump-on-netscaler"
    },
    {
      "title": "[11] Bulletin de s\u00e9curit\u00e9 Citrix CTX693420 du 17 juin 2025",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    },
    {
      "title": "[9] Meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX",
      "url": "https://docs.netscaler.com/en-us/netscaler-adc-secure-deployment.html"
    }
  ],
  "reference": "CERTFR-2025-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-01T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-5777.",
      "revision_date": "2025-07-07T00:00:00.000000"
    },
    {
      "description": "    Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-08-18T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien contenant une m\u00e9thode d\u0027\u00e9valuation pour identifier des tentatives d\u0027exploitation",
      "revision_date": "2025-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 17 juillet 2025]\u003c/span\u003e**\n\nL\u0027\u00e9diteur a publi\u00e9 un lien contenant une m\u00e9thode d\u0027\u00e9valuation permettant d\u0027identifier des tentatives d\u0027exploitation dans les journaux applicatifs et syst\u00e8mes [12].\n\n**[Mise \u00e0 jour du 7 juillet 2025]**\n\nLe 17 juin 2025, Citrix a publi\u00e9 un bulletin de s\u00e9curit\u00e9 concernant notamment la vuln\u00e9rabilit\u00e9 CVE-2025-5777 [11]. Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 de faire fuiter des portions al\u00e9atoires de la m\u00e9moire de NetScaler ADC et NetScaler Gateway et ainsi potentiellement r\u00e9cup\u00e9rer les informations de connexion d\u0027une session active.\n\nLe 4 juillet 2025, une preuve de concept a \u00e9t\u00e9 publi\u00e9e publiquement. Celle-ci est triviale \u00e0 utiliser et le CERT-FR constate des exploitations actives. \u003cbr /\u003e\nLa vuln\u00e9rabilit\u00e9 CVE-2025-5777 est exploitable par le biais du formulaire d\u0027authentification.\n\nCitrix recommande l\u0027arr\u00eat de toutes les sessions ICA et PCoIP actives apr\u00e8s l\u0027installation du correctif. Le CERT-FR recommande d\u0027aller plus loin avec l\u0027inspection des sessions actives fra\u00eechement renouvel\u00e9es en ciblant en priorit\u00e9 celles qui proviennent de plusieurs adresses IP. \u003cbr /\u003e\nDe plus, si le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-5777 a \u00e9t\u00e9 install\u00e9 apr\u00e8s la publication de la preuve de concept, le CERT-FR recommande \u00e9galement le renouvellement des mots de passe des utilisateurs.\n\nLes vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777 \u00e9tant activement exploit\u00e9es, tout Netscaler expos\u00e9 qui n\u0027aurait pas re\u00e7u les correctifs pour ces deux vuln\u00e9rabilit\u00e9s doit \u00eatre consid\u00e9r\u00e9 comme compromis.\n\n**[Publication initiale]**\n\nLe 25 juin 2025, Citrix a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-6543 affectant NetScaler ADC et NetScaler Gateway. L\u0027\u00e9diteur lui a attribu\u00e9 un score CVSS v4.0 de 9,2 et indique qu\u0027elle permet \u00e0 un attaquant de provoquer un d\u00e9bordement de m\u00e9moire entrainant un flux de contr\u00f4le impr\u00e9vu et un d\u00e9ni de service \u00e0 distance. L\u0027\u00e9quipement est vuln\u00e9rable s\u0027il est configur\u00e9 en tant que passerelle (*Gateway : VPN virtual server, ICA Proxy, CVPN, RDP Proxy*) ou en tant que serveur virtuel AAA (*AAA\u202fvirtual\u202fserver*).\n\nCitrix indique que les produits NetScaler ADC et NetScaler Gateway en version 12.1 et 13.0 sont en fin de vie. L\u0027\u00e9diteur recommande aux utilisateurs de migrer vers une version support\u00e9e et \u00e0 jour.\n\nCitrix d\u00e9clare avoir connaissance d\u0027exploitations actives de cette vuln\u00e9rabilit\u00e9.\n\nL\u0027obtention des marqueurs de compromission se fait via la page d\u2019assistance de Citrix [1][2]. NetScaler pr\u00e9conise en particulier de rechercher des arr\u00eats inopin\u00e9s [2]. \n\nEn cas de suspicion de compromission, l\u0027\u00e9diteur recommande [3] :\n* si le NetScaler est une instance virtuelle VPX :\n    * r\u00e9aliser un instantan\u00e9 du syst\u00e8me de fichier et de la m\u00e9moire vive ;\n    * documenter l\u0027heure du syst\u00e8me, les param\u00e8tres du fuseau horaire et la configuration NTP avant l\u0027isolation ;\n* si possible, \u00e9viter d\u0027\u00e9teindre la machine afin de conserver les traces n\u00e9cessaires aux investigations ;\n* g\u00e9n\u00e9rer un fichier de support sur ADC [4] ;\n* g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler [5] ;\n*  si le NetScaler est un  \u00e9quipement MPX ou SDX, r\u00e9cup\u00e9rer une image du disque ;\n* isoler totalement la machine concern\u00e9e du r\u00e9seau, vis-\u00e0-vis d\u0027Internet comme du r\u00e9seau interne, afin de limiter les risques de nouvel acc\u00e8s non autoris\u00e9 et de lat\u00e9ralisation ;\n* r\u00e9voquer des informations d\u0027identification et d\u0027acc\u00e8s :\n    * changer les mots de passe et secrets des comptes de service stock\u00e9s sur le NetScaler tel que les comptes de service LDAP, les secrets partag\u00e9s RADIUS, les jetons OAuth, les cl\u00e9s API, les noms de communaut\u00e9 SNMP ;\n    * modifier les comptes utilisateurs susceptibles d\u0027avoir \u00e9t\u00e9 authentifi\u00e9s via la plateforme suspect\u00e9e d\u0027\u00eatre compromise, y compris les serveurs virtuels Gateway ou AAA ;\n    * r\u00e9voquer les certificats et les cl\u00e9s priv\u00e9es associ\u00e9es stock\u00e9es sur la plateforme suspect\u00e9e d\u0027\u00eatre compromise ;\n* examiner tous les serveurs et syst\u00e8mes auxquels l\u0027ADC NetScaler s\u0027est connect\u00e9 pour d\u00e9tecter tout signe de compromission ;\n* si le NetScaler est un \u00e9quipement MPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le MPX [6] ;\n* si le NetScaler est un \u00e9quipement SDX ou une instance virtuelle VPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le SDX ou le VPX [7] ;\n* mettre \u00e0 jour le NetScaler ADC vers la derni\u00e8re version disponible du micrologiciel (*firmware*) avant de restaurer la sauvegarde de la configuration ;\n* restaurer une sauvegarde saine \u00e0 l\u0027aide de la console NetScaler, se r\u00e9f\u00e9rer au guide pour obtenir des instructions d\u00e9taill\u00e9es [8] ;\n* modifier tous les mots de passe des comptes locaux sur le NetScaler ADC ;\n* renouveler les cl\u00e9s de chiffrement (*Key Encryption Keys*) ;\n* supprimer tous les certificats SSL restaur\u00e9s ; \n* remplacer tous les certificats SSL restaur\u00e9s ; \n* pour renforcer le NetScaler ADC, se r\u00e9f\u00e9rer au guide pour obtenir les meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX [9].\n\nEn cas de compromission, signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier et consulter les bons r\u00e9flexes en cas d\u0027intrusion sur un syst\u00e8me d\u0027information [10].",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694788",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\u0026articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_6543"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix SD-WAN WANOP versions ant\u00e9rieures \u00e0 10.2.6b et 11.0.3b (Citrix ADC v11.1.51.615)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0.63.13",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix NetScaler ADC et NetScaler Gateway versions 10.5.x ant\u00e9rieures \u00e0 10.5.70.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 11.1.x ant\u00e9rieures \u00e0 11.1.63.15",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0.47.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1.55.18",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2020-07-31",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention du\ncontournement (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19781"
    }
  ],
  "initial_release_date": "2020-01-09T00:00:00",
  "last_revision_date": "2020-07-31T00:00:00",
  "links": [
    {
      "title": "[3] Avis CERT-FR CERTFR-2019-AVI-640 du 18 d\u00e9cembre 2019",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-640/"
    },
    {
      "title": "[2] Descriptif du contournement \u00e0 appliquer en date du 17 d\u00e9cembre 2019",
      "url": "https://support.citrix.com/article/CTX267679"
    },
    {
      "title": "[5] Bulletin CERTFR-2020-ACT-001 du 05 f\u00e9vrier 2020",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2020-ACT-001/"
    }
  ],
  "reference": "CERTFR-2020-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    },
    {
      "description": "Ajout des dates de disponibilit\u00e9 des correctifs de s\u00e9curit\u00e9",
      "revision_date": "2020-01-13T00:00:00.000000"
    },
    {
      "description": "Probl\u00e8me de la mesure de contournement sur certaines versions, modification de la liste de produits vuln\u00e9rables et mise \u00e0 disposition d\u0027un outil de test de vuln\u00e9rabilit\u00e9.",
      "revision_date": "2020-01-17T00:00:00.000000"
    },
    {
      "description": "Disponibilit\u00e9 des correctifs pour certaines versions ; la date de sortie des correctifs a \u00e9t\u00e9 avanc\u00e9e pour toutes les versions ; clarification des versions pour lesquelles les mesures de contournement ne fonctionnent pas.",
      "revision_date": "2020-01-20T00:00:00.000000"
    },
    {
      "description": "FireEye met \u00e0 disposition un outil de recherche de compromission.",
      "revision_date": "2020-01-23T00:00:00.000000"
    },
    {
      "description": "Les correctifs sont disponibles.",
      "revision_date": "2020-01-27T00:00:00.000000"
    },
    {
      "description": "Ajout de recommandations suite \u00e0 la compromissions de plusieurs cl\u00e9 priv\u00e9es sur des machines vuln\u00e9rables.",
      "revision_date": "2020-01-31T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2020-05-05T00:00:00.000000"
    },
    {
      "description": "R\u00e9ouverture de l\u0027alerte suite \u00e0 des compromissions de serveurs vuln\u00e9rables. Rappel des mesures \u00e0 prendre.",
      "revision_date": "2020-06-26T00:00:00.000000"
    },
    {
      "description": "La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2020-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 26 juin 2020\\]\u003c/strong\u003e\n\nLe CERT-FR a pris connaissance de \u003cstrong\u003ecompromissions r\u00e9centes\u003c/strong\u003e de\nserveurs Citrix dans le cadre d\u0027attaques cibl\u00e9es. Il est rappel\u00e9 que la\nvuln\u00e9rabilit\u00e9 affecte tous les syst\u00e8mes d\u00e9clar\u00e9s ci-dessus, \u003cstrong\u003em\u00eame si la\nfonctionnalit\u00e9 VPN n\u0027est pas activ\u00e9e\u003c/strong\u003e.\n\nLe CERT-FR rappelle donc qu\u0027il est \u003cstrong\u003eimp\u00e9ratif\u003c/strong\u003e de :\n\n-   Proc\u00e9der \u003cu\u003esans attendre\u003c/u\u003e \u00e0 la mise \u00e0 jour de vos serveurs\n    Citrix en respectant la proc\u00e9dure standard de l\u2019\u00e9diteur\u00a0:\n    r\u00e9installation compl\u00e8te des serveurs puis restauration d\u2019une\n    configuration \u00e0 partir d\u2019une sauvegarde ant\u00e9rieure au 10 janvier\n    2020\u00a0;\n-   R\u00e9voquer et renouveler les certificats x509 d\u00e9ploy\u00e9s sur ces\n    serveurs ainsi que sur tous les \u00e9quipements qui les utilisent\n    \u00e9galement (certificats multi-domaines par exemple);\n-   \u003cspan style=\"color: #000000;\"\u003eModifier les mots de passe des\n    administrateurs et des utilisateurs qui utilisent le service\n    Citrix\u00a0;\u003c/span\u003e\n-   \u003cspan style=\"color: #000000;\"\u003eModifier les mots de passe des comptes\n    techniques configur\u00e9s sur l\u2019\u00e9quipement (compte LDAP, compte Radius,\n    compte Active Directory, etc.)\u00a0;\u003c/span\u003e\n\nD\u2019autre part, l\u2019exposition sur Internet augmente les opportunit\u00e9s\nd\u2019attaque visant \u00e0 usurper l\u2019identit\u00e9 d\u2019un utilisateur nomade si le\nprocessus d\u2019authentification n\u2019est pas suffisamment robuste. Le CERT-FR\nrecommande donc la mise en \u0153uvre d\u2019une authentification \u00e0 double facteur\nafin de r\u00e9duire ce risque.\n\nEnfin, nous vous recommandons la lecture du bulletin CERTFR-2020-ACT-001\n\\[5\\] sur la s\u00e9curisation des services expos\u00e9s sur Internet.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 30 janvier 2020\\]\u003c/strong\u003e\n\nLe CERT-FR a pris connaissance de la compromission de cl\u00e9s priv\u00e9es sur\ndes serveurs h\u00e9bergeant le logiciel Citrix vuln\u00e9rable. Ces cl\u00e9s priv\u00e9es\nsont pour certaines, associ\u00e9es \u00e0 des certificats multi-domaines\n(*wildcard*).\n\nPar cons\u00e9quence, les attaquants sont en mesure d\u0027usurper l\u0027identit\u00e9 des\nservices s\u00e9curis\u00e9s pour l\u0027ensemble des domaines et sous-domaines\nconcern\u00e9s.\n\nLe CERT-FR recommande donc fortement d\u0027appliquer les mesures de\npr\u00e9vention suivantes :\n\n1.  renouveler l\u0027ensemble des \u00e9l\u00e9ments secrets stock\u00e9s sur la machine et\n    entreprendre les actions appropri\u00e9es en cons\u00e9quence ;\n\n2.  r\u00e9voquer les certificats potentiellement compromis ;\n\n3.  \u00e9tudier la possibilit\u00e9 de limiter la port\u00e9e des certificats\n    *multi-domaines* pour limiter l\u0027impact d\u0027une future compromission ;\n\n4.  renouveler les certificats sur les serveurs h\u00e9bergeant le logiciel\n    Citrix ainsi que tout autre serveur utilisant les certificats\n    multi-domaines pr\u00e9sents sur les serveurs h\u00e9bergeants le logiciel\n    compromis.\n\nLe CERT-FR recommande \u00e9galement de compl\u00e8tement r\u00e9installer les serveurs\nCitrix avant d\u0027appliquer la mise \u00e0 jour afin de repartir d\u0027une base\nsaine. Pour ce faire, il est aussi conseill\u00e9 d\u0027utiliser\u00a0une sauvegarde\nde la configuration ant\u00e9rieure \u00e0 d\u00e9cembre 2019.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 27 janvier 2020\\]\u003c/strong\u003e\n\nLes correctifs pour toutes les versions support\u00e9es sont disponibles. Le\nCERT-FR recommande de les installer dans les plus brefs d\u00e9lais.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23 janvier 2020\\]\u003c/strong\u003e\n\nLe 22 janvier 2020, Citrix a fourni, en collaboration avec FireEye, un\noutil qui tente de rechercher des possibles exploitations de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2019-19781. Contrairement \u00e0 l\u0027outil fourni le 17\njanvier qui permet de rechercher des machines vuln\u00e9rables sur le r\u00e9seau,\nil doit \u00eatre lanc\u00e9 en local.\n\nFireEye indique que l\u0027outil doit \u00eatre lanc\u00e9 avec les privil\u00e8ges\nadministrateur et ne garantit pas de rep\u00e9rer toutes les compromissions.\n\nL\u0027outil est pr\u00e9sent\u00e9 sur le site de\n[FireEye](https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html)\net est disponible sur\n[GitHub](https://github.com/fireeye/ioc-scanner-CVE-2019-19781/releases/tag/v1.0).\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 20 janvier 2020\\]\u003c/strong\u003e\n\nLe 19 janvier 2020, Citrix a publi\u00e9 les correctifs pour les versions\n12.0.x et 11.1.x.\n\nLa date de disponibilit\u00e9 des correctifs pour les autres versions a\n\u00e9galement \u00e9t\u00e9 avanc\u00e9e au 24 janvier 2020.\n\nConcernant les versions pour lesquelles certaines mesures de\ncontournement ne fonctionnent pas, Citrix a clarifi\u00e9 sa position. Seule\nla version \"*12.1 build 50.28*\" est affect\u00e9e. Il est recommand\u00e9 dans ce\ncas de migrer vers la version \"*12.1 build 50.28/50.31\"* ou une version\nult\u00e9rieure*.*\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 17 janvier 2020\\]\u003c/strong\u003e\n\nLe 16 janvier 2020, Citrix a mis \u00e0 jour son bulletin de s\u00e9curit\u00e9\nconcernant la vuln\u00e9rabilit\u00e9 CVE-2019-19781.\n\n\u003cs\u003eCitrix annonce que la mesure de contournement propos\u00e9e en attendant\nla sortie des correctifs ne fonctionne pas pour les versions 12.1.x\nsuivantes:\u003c/s\u003e\n\n-   \u003cs\u003eCitrix ADC et NetScaler Gateway versions 12.1.51.16 \u00e0\n    12.1.51.19\u003c/s\u003e\n-   \u003cs\u003eCitrix ADC et NetScaler Gateway versions 12.1.50.31\u003c/s\u003e\n\nCitrix recommande de migrer vers une version sur laquelle il est\npossible d\u0027appliquer la mesure de contournement.\n\nCitrix a \u00e9galement annonc\u00e9 que les mod\u00e8les Citrix SD-WAN WANOP 4000,\n4100, 5000 et 5100 sont \u00e9galement affect\u00e9 par la vuln\u00e9rabilit\u00e9\nCVE-2019-19781. Les correctifs seront disponibles le 27 janvier 2020\npour les versions Citrix SD-WAN WANOP 10.2.6 et 11.03.\n\nEnfin, Citrix a fourni un outil en Python afin de tester si son\n\u00e9quipement est vuln\u00e9rable\n:\u00a0\u003chttps://support.citrix.com/article/CTX269180\u003e\n\nDe mani\u00e8re g\u00e9n\u00e9rale, le CERT-FR recommande d\u0027\u00e9tudier la possibilit\u00e9 de\nd\u00e9connecter les serveurs Citrix concern\u00e9s en attendant la mise \u00e0 jour.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 13 janvier 2020\\]\u003c/strong\u003e\n\nDes codes d\u0027exploitation ont \u00e9t\u00e9 publi\u00e9s dans la nuit du 10 au 11\njanvier 2020. Leur utilisation a \u00e9t\u00e9 rapport\u00e9e par plusieurs sources\npubliques.\n\nLe 11 janvier 2020, Citrix a publi\u00e9 les dates de disponibilit\u00e9s des\ncorrectifs qui sont les suivantes :\n\n-   le 20 janvier 2020 pour\u00a0Citrix ADC et Citrix Gateway versions 11.1.x\n    et 12.0.x\n-   le \u003cs\u003e27 janvier 2020\u003c/s\u003e 24 janvier 2020 pour\u00a0Citrix ADC et Citrix\n    Gateway versions 12.1.x et 13.0.x\n-   le \u003cs\u003e31 janvier 2020\u003c/s\u003e 24 janvier 2020 pour NetScaler ADC et\n    NetScaler Gateway versions 10.5.x\n\n\u003cstrong\u003e\\[Version Initiale\\]\u003c/strong\u003e\n\nLe CERT-FR a connaissance de campagnes de d\u00e9tection de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2019-19781 affectant les logiciels\u00a0Citrix ADC et\nCitrix Gateway. Une campagne de d\u00e9tection fait partie de la phase de\nreconnaissance qui est pr\u00e9alable \u00e0 la phase d\u0027exploitation.\n\nPour rappel, la vuln\u00e9rabilit\u00e9\u00a0CVE-2019-19781 permet une ex\u00e9cution de\ncode arbitraire \u00e0 distance. Citrix n\u0027a pas encore publi\u00e9 de correctif de\ns\u00e9curit\u00e9 mais a propos\u00e9 des mesures de contournements (cf. section\nDocumentation).\n\nDans l\u0027attente de la publication d\u0027un correctif, le CERT-FR recommande\nfortement l\u0027application des mesures de contournement.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Citrix ADC et Citrix Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Citrix CTX267027 du 17 d\u00e9cembre 2019",
      "url": "https://support.citrix.com/article/CTX267027"
    }
  ]
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX579459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4966",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-22T05:00:08.466868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-18T00:00:00+00:00",
            "value": "CVE-2023-4966 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.164",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T12:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cp\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ein NetScaler ADC and NetScaler Gateway when configured as a\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eGateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eor\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eAAA \u202fvirtual\u202fserver.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e"
            }
          ],
          "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T15:06:16.721Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX579459"
        },
        {
          "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-4966",
    "datePublished": "2023-10-10T13:12:17.644Z",
    "dateReserved": "2023-09-14T15:51:21.569Z",
    "dateUpdated": "2025-10-21T23:05:35.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3519",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:15.372531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-19",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3519"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:42.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3519"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-19T00:00:00+00:00",
            "value": "CVE-2023-3519 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.159",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote code execution\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Unauthenticated remote code execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-04T17:06:36.277Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
        },
        {
          "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-3519",
    "datePublished": "2023-07-19T17:51:39.739Z",
    "dateReserved": "2023-07-05T22:22:26.251Z",
    "dateUpdated": "2025-10-21T23:05:42.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX579459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4966",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-22T05:00:08.466868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-18T00:00:00+00:00",
            "value": "CVE-2023-4966 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.164",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T12:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cp\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ein NetScaler ADC and NetScaler Gateway when configured as a\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eGateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eor\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eAAA \u202fvirtual\u202fserver.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e"
            }
          ],
          "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T15:06:16.721Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX579459"
        },
        {
          "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-4966",
    "datePublished": "2023-10-10T13:12:17.644Z",
    "dateReserved": "2023-09-14T15:51:21.569Z",
    "dateUpdated": "2025-10-21T23:05:35.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3519",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:15.372531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-19",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3519"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:42.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3519"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-19T00:00:00+00:00",
            "value": "CVE-2023-3519 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.159",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.297",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "49.13",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "91.13",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote code execution\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Unauthenticated remote code execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-04T17:06:36.277Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"
        },
        {
          "url": "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-3519",
    "datePublished": "2023-07-19T17:51:39.739Z",
    "dateReserved": "2023-07-05T22:22:26.251Z",
    "dateUpdated": "2025-10-21T23:05:42.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}