6 vulnerabilities found for Virtual Apps and Desktops by Citrix

CERTFR-2025-AVI-0568
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Citrix products. They allow an attacker to cause privilege escalation and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions 2402 LTSR CU1 without security fix Update 1 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 2503 |
| Citrix | XenServer | XenServer version 8.4 without the latest security fix |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions 2402 LTSR CU2 without security fix Update 1 |

References

Citrix security bulletin CTX694846, 2025-07-08, vendor-advisory
Citrix security bulletin CTX694820, 2025-07-08, vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Virtual Apps and Desktops versions 2402 LTSR CU1 sans le correctif de s\u00e9curit\u00e9 Update 1",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2503",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenServer version 8.4 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions 2402 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 Update 1",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6759"
    },
    {
      "name": "CVE-2024-36357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36357"
    },
    {
      "name": "CVE-2024-36350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36350"
    }
  ],
  "initial_release_date": "2025-07-09T00:00:00",
  "last_revision_date": "2025-07-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694846",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694846\u0026articleURL=XenServer_Security_Update_for_CVE_2024_36350_and_CVE_2024_36357"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694820",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820\u0026articleURL=Windows_Virtual_Delivery_Agent_for_CVAD_and_Citrix_DaaS_Security_Bulletin_CVE_2025_6759"
    }
  ]
}

CERTFR-2024-AVI-0964
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Citrix products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

CERT-FR is aware of public exploit code for vulnerabilities CVE-2024-8068 and CVE-2024-8069.

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | NetScaler ADC | NetScaler ADC versions 12.1-FIPS earlier than 12.1-55.321 |
| Citrix | NetScaler Gateway | NetScaler Gateway versions 14.1.x earlier than 14.1-29.72 |
| Citrix | NetScaler ADC | NetScaler ADC versions earlier than 13.1-55.34 |
| Citrix | Virtual Apps and Desktops | Virtual Apps and Desktops versions earlier than 2407 with security fix 24.5.200.8 |
| Citrix | NetScaler Gateway | NetScaler Gateway versions earlier than 13.1-55.34 |
| Citrix | NetScaler ADC | NetScaler ADC versions 13.1-FIPS earlier than 13.1-37.207 |
| Citrix | NetScaler ADC | NetScaler ADC versions 12.1-NDcPP earlier than 12.1-55.321 |
| Citrix | NetScaler ADC | NetScaler ADC versions 14.1.x earlier than 14.1-29.72 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions 2402 LTSR earlier than CU1 hotfix 24.02.1200.16 |
| Citrix | Virtual Apps and Desktops | Virtual Apps and Desktops versions 1912 LTSR earlier than CU9 hotfix 19.12.9100.6 |
| Citrix | Virtual Apps and Desktops | Virtual Apps and Desktops versions 2203 LTSR earlier than CU5 hotfix 22.03.5100.11 |

References

Citrix security bulletin CTX691608, 2024-11-12, vendor-advisory
Citrix security bulletin CTX691941, 2024-11-12, vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler ADC versions12.1-FIPS ant\u00e9rieures \u00e0 12.1-55.321",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-29.72",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-55.34",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2407 avec le correctif de s\u00e9curit\u00e9 24.5.200.8",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-55.34",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS ant\u00e9rieures \u00e0 13.1-37.207",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 12.1-NDcPP ant\u00e9rieures \u00e0 12.1-55.321",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-29.72",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions 2402 LTSR ant\u00e9rieures \u00e0 CU1 hotfix 24.02.1200.16",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions 1912 LTSR ant\u00e9rieures \u00e0 CU9 hotfix 19.12.9100.6",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Apps and Desktops versions 2203 LTSR ant\u00e9rieures \u00e0 CU5 hotfix 22.03.5100.11",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Le CERT-FR a connaissance de codes d\u0027exploitation publics pour les vuln\u00e9rabilit\u00e9s CVE-2024-8068 et CVE-2024-8069.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8535"
    },
    {
      "name": "CVE-2024-8069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8069"
    },
    {
      "name": "CVE-2024-8534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8534"
    },
    {
      "name": "CVE-2024-8068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8068"
    }
  ],
  "initial_release_date": "2024-11-12T00:00:00",
  "last_revision_date": "2024-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0964",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-12T00:00:00.000000"
    },
    {
      "description": "Le CERT-FR a connaissance de codes d\u0027exploitation publics",
      "revision_date": "2024-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX691608",
      "url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX691941",
      "url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069"
    }
  ]
}

CERTFR-2023-AVI-0458
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Citrix products. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | N/A | Linux Virtual Delivery Agent 1912 LTSR without security fix CU7 hotfix 1 (19.12.7001) |
| Citrix | N/A | Linux Virtual Delivery Agent versions earlier than 2305 |
| Citrix | N/A | ShareFile storage zones controller versions earlier than 5.11.24 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 2305 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops 1912 LTSR without security fix CU7 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops 2203 LTSR without security fix CU3 |
| Citrix | N/A | Linux Virtual Delivery Agent 2203 LTSR without security fix CU3 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Linux Virtual Delivery Agent 1912 LTSR sans le correctif de s\u00e9curit\u00e9 CU7 hotfix 1(19.12.7001)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Linux Virtual Delivery Agent versions ant\u00e9rieures \u00e0 2305",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "ShareFile storage zones controller versions ant\u00e9rieures \u00e0 5.11.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2305",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops 1912 LTSR sans le correctif de s\u00e9curit\u00e9 CU7",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops 2203 LTSR sans le correctif de s\u00e9curit\u00e9 CU3",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Linux Virtual Delivery Agent 2203 LTSR sans le correctif de s\u00e9curit\u00e9 CU3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24489"
    },
    {
      "name": "CVE-2023-24490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24490"
    }
  ],
  "initial_release_date": "2023-06-14T00:00:00",
  "last_revision_date": "2023-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0458",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX559517 du 13 juin 2023",
      "url": "https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX559370 du 13 juin 2023",
      "url": "https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490"
    }
  ]
}

CERTFR-2023-AVI-0123
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Citrix products. They allow an attacker to cause a security policy bypass and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 1912 LTSR CU6 |
| Citrix | Workspace app | Citrix Workspace App versions earlier than 2203 LTSR CU2 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 2203 LTSR CU2 |
| Citrix | Workspace app | Citrix Workspace App versions earlier than 2212 |
| Citrix | Workspace app | Citrix Workspace App versions earlier than 1912 LTSR CU7 with security fix Hotfix 2 (19.12.7002) |
| Citrix | Workspace app | Citrix Workspace app for Linux versions earlier than 2302 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 2212 |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 1912 LTSR CU6",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Workspace App versions ant\u00e9rieures \u00e0 2203 LTSR CU2",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2203 LTSR CU2",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Workspace App versions ant\u00e9rieures \u00e0 2212",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Workspace App versions ant\u00e9rieures \u00e0 1912 LTSR CU7 avec le correctif de s\u00e9curit\u00e9 Hotfix 2 (19.12.7002)",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Workspace app for Linux versions ant\u00e9rieures \u00e0 2302",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2212",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24486"
    },
    {
      "name": "CVE-2023-24485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24485"
    },
    {
      "name": "CVE-2023-24483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24483"
    },
    {
      "name": "CVE-2023-24484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24484"
    }
  ],
  "initial_release_date": "2023-02-15T00:00:00",
  "last_revision_date": "2023-02-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0123",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Citrix\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX477617 du 14 f\u00e9vrier 2023",
      "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX477618 du 14 f\u00e9vrier 2023",
      "url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX477616 du 14 f\u00e9vrier 2023",
      "url": "https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483"
    }
  ]
}

CERTFR-2022-AVI-331
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Citrix products. Some of them allow an attacker to cause remote arbitrary code execution, a compromise of data integrity and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | N/A | Citrix StoreFront versions earlier than 1912 LTSR CU5 (1912.0.5000) |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 1912 LTSR CU5 |
| Citrix | N/A | XenMobile Server versions earlier than 10.13.0 with patch 8 |
| Citrix | N/A | Citrix ADC and Citrix Gateway versions earlier than 12.1-NDcPP 12.1-55.276 |
| Citrix | N/A | Citrix SD-WAN Standard/Premium Edition Appliance versions earlier than 11.4.3a |
| Citrix | N/A | Citrix ADC and Citrix Gateway versions earlier than 13.1-4.44 |
| Citrix | N/A | XenMobile Server versions earlier than 10.13.0 with patch 7 |
| Citrix | N/A | XenMobile Server versions earlier than 10.14.0 with patch 5 |
| Citrix | N/A | Citrix ADC and Citrix Gateway versions earlier than 12.1-63.22 |
| Citrix | N/A | Citrix SD-WAN Standard/Premium Edition Appliance versions earlier than 11.4.1 |
| Citrix | N/A | Citrix ADC and Citrix Gateway versions earlier than 12.1-FIPS 12.1-55.277 |
| Citrix | N/A | Citrix SD-WAN Orchestrator for On-Premises versions earlier than 13.2.1 |
| Citrix | N/A | Citrix StoreFront versions earlier than 2203 LTSR (2203.0.0) |
| Citrix | N/A | Citrix SD-WAN Center Management Console versions earlier than 11.4.3 |
| Citrix | N/A | XenMobile Server versions earlier than 10.14.0 with patch 4 |
| Citrix | N/A | Citrix Gateway Plug-in for Windows versions earlier than 21.9.1.2 |
| Citrix | N/A | Citrix ADC and Citrix Gateway versions earlier than 13.0-83.29 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops versions earlier than 2203 LTSR |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix StoreFront versions ant\u00e9rieures \u00e0 1912 LTSR CU5 (1912.0.5000)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 1912 LTSR CU5",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.13.0 avec le patch 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 12.1-NDcPP 12.1-55.276",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN Standard/Premium Edition Appliance versions ant\u00e9rieures \u00e0 11.4.3a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 13.1-4.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.13.0 avec le patch 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.14.0 avec le patch 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 12.1-63.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN Standard/Premium Edition Appliance versions ant\u00e9rieures \u00e0 11.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.277",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN Orchestrator for On-Premises versions ant\u00e9rieures \u00e0 13.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix StoreFront versions ant\u00e9rieures \u00e0 2203 LTSR (2203.0.0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN Center Management Console versions ant\u00e9rieures 11.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.14.0 avec le patch 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Gateway Plug-in for Windows versions ant\u00e9rieures \u00e0 21.9.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions ant\u00e9rieures \u00e0 13.0-83.29",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops versions ant\u00e9rieures \u00e0 2203 LTSR",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44520"
    },
    {
      "name": "CVE-2022-26151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26151"
    },
    {
      "name": "CVE-2022-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27506"
    },
    {
      "name": "CVE-2022-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21827"
    },
    {
      "name": "CVE-2022-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27505"
    },
    {
      "name": "CVE-2021-44519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44519"
    },
    {
      "name": "CVE-2022-27503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27503"
    }
  ],
  "initial_release_date": "2022-04-13T00:00:00",
  "last_revision_date": "2022-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-331",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX370550 du 12 avril 2022",
      "url": "https://support.citrix.com/article/CTX370550"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX377814 du 12 avril 2022",
      "url": "https://support.citrix.com/article/CTX377814"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX370551 du 12 avril 2022",
      "url": "https://support.citrix.com/article/CTX370551"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX341455 du 12 avril 2022",
      "url": "https://support.citrix.com/article/CTX341455"
    }
  ]
}

CERTFR-2020-AVI-731
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Citrix products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Citrix | N/A | Citrix XenApp / XenDesktop 7.15 LTSR without the latest security fixes |
| Citrix | N/A | Citrix SD-WAN versions 10.2.x earlier than 10.2.8 |
| Citrix | N/A | Citrix SD-WAN versions 11.2.x earlier than 11.2.2 |
| Citrix | Virtual Apps and Desktops | Citrix Virtual Apps and Desktops 1912 LTSR without the latest security fixes |
| Citrix | N/A | Citrix SD-WAN versions 11.1.x earlier than 11.1.2b |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenApp / XenDesktop 7.15 LTSR sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN versions 10.2.x ant\u00e9rieures \u00e0 10.2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN versions 11.2.x ant\u00e9rieures \u00e0 11.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Virtual Apps and Desktops 1912 LTSR sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Virtual Apps and Desktops",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix SD-WAN versions 11.1.x ant\u00e9rieures \u00e0 11.1.2b",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8271"
    },
    {
      "name": "CVE-2020-8270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8270"
    },
    {
      "name": "CVE-2020-8273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8273"
    },
    {
      "name": "CVE-2020-8272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8272"
    },
    {
      "name": "CVE-2020-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8269"
    }
  ],
  "initial_release_date": "2020-11-12T00:00:00",
  "last_revision_date": "2020-11-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-731",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX285061 du 10 novembre 2020",
      "url": "https://support.citrix.com/article/CTX285061"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX285059 du 10 novembre 2020",
      "url": "https://support.citrix.com/article/CTX285059"
    }
  ]
}