Vulnerabilites related to citrix - xenmobile_server
CVE-2016-2789 (GCVE-0-2016-2789)
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035265 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX207499 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX207499"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX207499"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035265"
},
{
"name": "http://support.citrix.com/article/CTX207499",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX207499"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2789",
"datePublished": "2016-04-07T23:00:00",
"dateReserved": "2016-03-01T00:00:00",
"dateUpdated": "2024-08-05T23:32:21.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10652 (GCVE-0-2018-10652)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10652",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8253 (GCVE-0-2020-8253)
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication - Generic ()
Summary
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication - Generic (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T20:12:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication - Generic (CWE-287)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8253",
"datePublished": "2020-09-18T20:12:00",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10649 (GCVE-0-2018-10649)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10649",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6877 (GCVE-0-2016-6877)
Vulnerability from cvelistv5
Published
2017-05-05 20:00
Modified
2024-08-06 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98341 | vdb-entry, x_refsource_BID | |
| https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98341"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports \"our internal analysis of this issue concluded that this was not a valid vulnerability\" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-26T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98341"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports \"our internal analysis of this issue concluded that this was not a valid vulnerability\" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98341"
},
{
"name": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/",
"refsource": "MISC",
"url": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6877",
"datePublished": "2017-05-05T20:00:00",
"dateReserved": "2016-08-18T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44519 (GCVE-0-2021-44519)
Vulnerability from cvelistv5
Published
2022-04-19 15:26
Modified
2024-08-04 04:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f | x_refsource_MISC | |
| https://docs.citrix.com/en-us/xenmobile/server/document-history.html | x_refsource_MISC | |
| https://support.citrix.com/article/CTX370551 | x_refsource_MISC | |
| https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-10T14:07:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f",
"refsource": "MISC",
"url": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f"
},
{
"name": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html",
"refsource": "MISC",
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"name": "https://support.citrix.com/article/CTX370551",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX370551"
},
{
"name": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44519",
"datePublished": "2022-04-19T15:26:27",
"dateReserved": "2021-12-01T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8210 (GCVE-0-2020-8210)
Vulnerability from cvelistv5
Published
2020-08-17 15:39
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Disclosure ()
Summary
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:39:33",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8210",
"datePublished": "2020-08-17T15:39:33",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44520 (GCVE-0-2021-44520)
Vulnerability from cvelistv5
Published
2022-04-12 23:21
Modified
2024-08-04 04:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.citrix.com/en-us/xenmobile/server/document-history.html | x_refsource_MISC | |
| https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709 | x_refsource_MISC | |
| https://support.citrix.com/article/CTX370551 | x_refsource_MISC | |
| https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-10T13:31:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html",
"refsource": "MISC",
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"name": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709",
"refsource": "MISC",
"url": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709"
},
{
"name": "https://support.citrix.com/article/CTX370551",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX370551"
},
{
"name": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44520",
"datePublished": "2022-04-12T23:21:37",
"dateReserved": "2021-12-01T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10648 (GCVE-0-2018-10648)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10648",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18571 (GCVE-0-2018-18571)
Vulnerability from cvelistv5
Published
2019-06-05 14:53
Modified
2024-08-05 11:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/108081 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX247736 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX247736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T17:43:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "108081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX247736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108081"
},
{
"name": "https://support.citrix.com/article/CTX247736",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX247736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18571",
"datePublished": "2019-06-05T14:53:57",
"dateReserved": "2018-10-22T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18013 (GCVE-0-2018-18013)
Vulnerability from cvelistv5
Published
2018-10-24 21:00
Modified
2024-08-05 11:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/",
"refsource": "MISC",
"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18013",
"datePublished": "2018-10-24T21:00:00",
"dateReserved": "2018-10-05T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18014 (GCVE-0-2018-18014)
Vulnerability from cvelistv5
Published
2018-10-24 21:00
Modified
2024-08-05 11:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-18014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:34:15.340220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:34:45.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/",
"refsource": "MISC",
"url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18014",
"datePublished": "2018-10-24T21:00:00",
"dateReserved": "2018-10-05T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8212 (GCVE-0-2020-8212)
Vulnerability from cvelistv5
Published
2020-08-17 15:40
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-749 - Exposed Dangerous Method or Function ()
Summary
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "Exposed Dangerous Method or Function (CWE-749)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:40:35",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed Dangerous Method or Function (CWE-749)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8212",
"datePublished": "2020-08-17T15:40:35",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8209 (GCVE-0-2020-8209)
Vulnerability from cvelistv5
Published
2020-08-17 15:37
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Path Traversal ()
Summary
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:37:15",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8209",
"datePublished": "2020-08-17T15:37:15",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10651 (GCVE-0-2018-10651)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10651",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9231 (GCVE-0-2017-9231)
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98995 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX220138 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:43.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220138"
},
{
"name": "1038704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220138"
},
{
"name": "1038704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98995"
},
{
"name": "https://support.citrix.com/article/CTX220138",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220138"
},
{
"name": "1038704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9231",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2017-05-24T00:00:00",
"dateUpdated": "2024-08-05T17:02:43.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8208 (GCVE-0-2020-8208)
Vulnerability from cvelistv5
Published
2020-08-17 15:36
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS) - Reflected ()
Summary
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP1, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP1, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:36:10",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP1, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8208",
"datePublished": "2020-08-17T15:36:10",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10654 (GCVE-0-2018-10654)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10654",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10650 (GCVE-0-2018-10650)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10650",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26151 (GCVE-0-2022-26151)
Vulnerability from cvelistv5
Published
2022-04-12 23:21
Modified
2024-08-03 04:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/search | x_refsource_MISC | |
| https://support.citrix.com/article/CTX370551 | x_refsource_MISC | |
| https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/search"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-10T17:10:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/search"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/search",
"refsource": "MISC",
"url": "https://support.citrix.com/search"
},
{
"name": "https://support.citrix.com/article/CTX370551",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX370551"
},
{
"name": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26151",
"datePublished": "2022-04-12T23:21:40",
"dateReserved": "2022-02-27T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10653 (GCVE-0-2018-10653)
Vulnerability from cvelistv5
Published
2018-05-23 17:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX234879 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
},
{
"name": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10653",
"datePublished": "2018-05-23T17:00:00",
"dateReserved": "2018-05-02T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8211 (GCVE-0-2020-8211)
Vulnerability from cvelistv5
Published
2020-08-17 15:40
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Command Injection - Generic ()
Summary
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix XenMobile Server |
Version: Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection - Generic (CWE-77)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:40:20",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection - Generic (CWE-77)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8211",
"datePublished": "2020-08-17T15:40:20",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:27.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.0 | |
| citrix | xenmobile_server | 10.1 | |
| citrix | xenmobile_server | 10.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32730AFA-91E0-4D94-9FA6-32E4C36ECDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3C3D0C-5D36-4292-A007-9AD42D4C1A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF648C17-10B1-49C1-9573-575ED79B8007",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la Web User Interface en Citrix XenMobile Server 10.0, 10.1 en versiones anteriores a Rolling Patch 4 y 10.3 en versiones anteriores a Rolling Patch 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-2789",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T23:59:08.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX207499"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX207499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035265"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-13 00:15
Modified
2024-11-21 06:53
Severity ?
Summary
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX370551 | Vendor Advisory | |
| cve@mitre.org | https://support.citrix.com/search | Vendor Advisory | |
| cve@mitre.org | https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX370551 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/search | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A5E100E3-DB2D-4BD9-8A88-5A5AB0A8B05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "953FFC6A-DD56-4D9D-AC6D-5BE9D6FA2BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "650C033F-3CB3-474F-8EB3-E82A357333C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "1282B23B-EEEC-4282-A582-36CDF4C1F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "DD3BB57A-8AA5-4750-9051-821E78CC4068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_7:*:*:*:*:*:*",
"matchCriteriaId": "D9391AFA-D8E5-4CDD-897F-CC453AE712C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "83FE83E0-EC43-4647-8FE7-D11575ACC932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F9C13D27-C65D-4FBF-B69E-07C85937F489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "73945598-F99D-4C10-AF2D-5F8A2F82AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "D28A9106-7198-49B0-AC39-09AEE4364F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "AF8705A4-7126-4472-9254-BDC18B35B412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection."
},
{
"lang": "es",
"value": "Citrix XenMobile Server 10.12 hasta RP11, 10.13 hasta RP7 y 10.14 hasta RP4 permiten la inyecci\u00f3n de comandos"
}
],
"id": "CVE-2022-26151",
"lastModified": "2024-11-21T06:53:31.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T00:15:19.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/search"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/search"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 03:56
Severity ?
Summary
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/108081 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.citrix.com/article/CTX247736 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108081 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX247736 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.8.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D77B25A0-9EC4-4824-A206-719CE8EA638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "8403629F-9514-4D69-AFCC-C869BBB7C40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "5B147FBB-F222-4475-97DB-B1968169D5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "20B1C1FD-477C-417B-A81C-12A84A88FAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "4C4E8A9F-FC3E-489E-A5D1-5D33F22FCB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "9B3A9270-8638-454C-B9DA-DFCABDEFD954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device."
},
{
"lang": "es",
"value": "Fue encontrada una vulnerabilidad de control de acceso incorrecto en Citrix XenMobile Server versi\u00f3n 10.8.0 anterior a Rolling Patch 6 y 10.9.0 anterior a Rolling Patch 3. Un atacante puede suplantar y tomar acciones en nombre de cualquier dispositivo inscrito en Mobile Application Management (MAM)."
}
],
"id": "CVE-2018-18571",
"lastModified": "2024-11-21T03:56:10.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T15:29:00.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108081"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX247736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX247736"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-24 21:29
Modified
2024-11-21 03:55
Severity ?
Summary
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost."
},
{
"lang": "es",
"value": "** EN DISPUTA ** Xen Mobile hasta la versi\u00f3n 10.8.0 incluye un servicio en escucha en el puerto 5001 en su firewall que acepta entradas no autenticadas. Si el servicio se proporciona con objetos Java serializados en bruto, los vuelve a deserializar en objetos Java en la memoria, lo que provoca una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. NOTA: el fabricante discute que esto sea una vulnerabilidad, indicando que \"ya ha sido mitigado por el firewall interno que limita el acceso a los servicios de configuraci\u00f3n del localhost\"."
}
],
"id": "CVE-2018-18013",
"lastModified": "2024-11-21T03:55:22.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-24T21:29:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-vulnerable-to-code-execution-via-object-serialisation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-16 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98995 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1038704 | ||
| cve@mitre.org | https://support.citrix.com/article/CTX220138 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98995 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038704 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX220138 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 9.0 | |
| citrix | xenmobile_server | 10.0 | |
| citrix | xenmobile_server | 10.1 | |
| citrix | xenmobile_server | 10.3 | |
| citrix | xenmobile_server | 10.3.5 | |
| citrix | xenmobile_server | 10.3.6 | |
| citrix | xenmobile_server | 10.4 | |
| citrix | xenmobile_server | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA111D25-3870-427B-B9DF-545CB07CF0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B66150E7-E4C3-4895-B806-FCE001EE0739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "178F3810-071A-40FF-A22A-D6DB0C53931F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF8A1F0-372E-4A4A-889A-1AF5F287ECC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE08E27-1B91-4187-8F7E-17DE03C94612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D2A8B0-6BD3-48FB-AC71-D087D099C458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837A66B0-F1DB-4E95-880C-8A7533B0574A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:xenmobile_server:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED27536-FB52-4D4A-925C-715511536E6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo XML external entity (XXE) en Citrix XenMobile Server versi\u00f3n 9.x y versi\u00f3n 10.x anterior a 10.5 RP3, permite a los atacantes obtener informaci\u00f3n confidencial por medio de vectores no especificados."
}
],
"id": "CVE-2017-9231",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-16T22:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98995"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038704"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX220138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX220138"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
},
{
"lang": "es",
"value": "Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11 anteriores a RP4, Citrix XenMobile Server versiones 10.10 anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5 y conlleva a una habilidad de leer archivos arbitrarios."
}
],
"id": "CVE-2020-8209",
"lastModified": "2024-11-21T05:38:30.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T16:15:13.343",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98341 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98341 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8D704B-F5A6-4807-BE38-9F715D716173",
"versionEndIncluding": "10.3.6.310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports \"our internal analysis of this issue concluded that this was not a valid vulnerability\" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session"
},
{
"lang": "es",
"value": "**EN DISPUTA** Citrix XenMobile Server en versiones anteriores a la 10.5.0.24 permite a atacantes man-in-the-middle lanzar redirecciones HTTP 302 a trav\u00e9s de vectores relacionados con la cabecera HTTP Host y una p\u00e1gina cacheada. NOTA: El fabricante informa \"nuestro an\u00e1lisis interno de este problema concluye en que esto no fue una vulnerabilidad v\u00e1lida\" porque un escenario donde se explote implica un ataque man-in-the-middle contra una sesi\u00f3n TLS."
}
],
"id": "CVE-2016-6877",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-05T20:29:00.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98341"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Cross-Site Scripting (XSS) en Citrix XenMobile Server, en versiones 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10649",
"lastModified": "2024-11-21T03:41:43.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:00.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files."
},
{
"lang": "es",
"value": "Una autenticaci\u00f3n inapropiada en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11 anteriores a RP4, Citrix XenMobile Server versiones 10.10 anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, conlleva a la capacidad de acceder a archivos confidenciales"
}
],
"id": "CVE-2020-8253",
"lastModified": "2024-11-21T05:38:35.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T21:15:13.577",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "734CD590-7B5E-4067-BDB1-A3780812B619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "954AD540-BAB0-4F96-B123-1E4D408CDB49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account."
},
{
"lang": "es",
"value": "Protecci\u00f3n insuficiente de secretos en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, revela unas credenciales de una cuenta de servicio."
}
],
"id": "CVE-2020-8210",
"lastModified": "2024-11-21T05:38:30.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T16:15:13.403",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-13 00:15
Modified
2024-11-21 06:31
Severity ?
Summary
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A5E100E3-DB2D-4BD9-8A88-5A5AB0A8B05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "953FFC6A-DD56-4D9D-AC6D-5BE9D6FA2BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "650C033F-3CB3-474F-8EB3-E82A357333C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "1282B23B-EEEC-4282-A582-36CDF4C1F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "DD3BB57A-8AA5-4750-9051-821E78CC4068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "83FE83E0-EC43-4647-8FE7-D11575ACC932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F9C13D27-C65D-4FBF-B69E-07C85937F489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "73945598-F99D-4C10-AF2D-5F8A2F82AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "D28A9106-7198-49B0-AC39-09AEE4364F3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges."
},
{
"lang": "es",
"value": "En Citrix XenMobile Server versiones hasta 10.12 RP9, se presenta una vulnerabilidad de Inyecci\u00f3n de Comandos Autenticados, conllevando a una ejecuci\u00f3n de c\u00f3digo remota con privilegios root"
}
],
"id": "CVE-2021-44520",
"lastModified": "2024-11-21T06:31:08.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T00:15:19.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "cve@mitre.org",
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA68C4BA-7046-4259-B3A3-A161AD5D1650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:rp1:*:*:*:*:*:*",
"matchCriteriaId": "227A4E76-4DBE-419C-B822-907EA1CDD36C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay vulnerabilidades de subida de archivos sin autenticar en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10648",
"lastModified": "2024-11-21T03:41:43.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA68C4BA-7046-4259-B3A3-A161AD5D1650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:rp1:*:*:*:*:*:*",
"matchCriteriaId": "227A4E76-4DBE-419C-B822-907EA1CDD36C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de procesamiento de XEE (XML External Entity) en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10653",
"lastModified": "2024-11-21T03:41:44.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:01.130",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de fuga de informaci\u00f3n sensible en Citrix XenMobile Server, en versiones 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10652",
"lastModified": "2024-11-21T03:41:44.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:00.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS)."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n de entrada inapropiada en Citrix XenMobile Server versiones 10.12 anteriores a RP1, Citrix XenMobile Server versiones 10.11 anteriores a RP4, Citrix XenMobile Server versiones 10.11 anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite un ataque de tipo Cross-Site Scripting (XSS)."
}
],
"id": "CVE-2020-8208",
"lastModified": "2024-11-21T05:38:30.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T16:15:13.263",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 16:17
Modified
2024-11-21 06:31
Severity ?
Summary
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.13.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 | |
| citrix | xenmobile_server | 10.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A5E100E3-DB2D-4BD9-8A88-5A5AB0A8B05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "953FFC6A-DD56-4D9D-AC6D-5BE9D6FA2BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "650C033F-3CB3-474F-8EB3-E82A357333C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "1282B23B-EEEC-4282-A582-36CDF4C1F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "DD3BB57A-8AA5-4750-9051-821E78CC4068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "83FE83E0-EC43-4647-8FE7-D11575ACC932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F9C13D27-C65D-4FBF-B69E-07C85937F489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "73945598-F99D-4C10-AF2D-5F8A2F82AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "D28A9106-7198-49B0-AC39-09AEE4364F3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution."
},
{
"lang": "es",
"value": "En Citrix XenMobile Server versiones hasta 10.12 RP9, se presenta una vulnerabilidad de salto de directorio autenticado, conllevando a una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2021-44519",
"lastModified": "2024-11-21T06:31:08.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-19T16:17:09.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.citrix.com/en-us/xenmobile/server/document-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX370551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.9.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "734CD590-7B5E-4067-BDB1-A3780812B619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "954AD540-BAB0-4F96-B123-1E4D408CDB49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n de entrada inapropiada en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite una inyecci\u00f3n SQL."
}
],
"id": "CVE-2020-8211",
"lastModified": "2024-11-21T05:38:30.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T16:15:13.483",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA68C4BA-7046-4259-B3A3-A161AD5D1650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:rp1:*:*:*:*:*:*",
"matchCriteriaId": "227A4E76-4DBE-419C-B822-907EA1CDD36C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de validaci\u00f3n insuficiente de ruta en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10650",
"lastModified": "2024-11-21T03:41:43.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA68C4BA-7046-4259-B3A3-A161AD5D1650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:rp1:*:*:*:*:*:*",
"matchCriteriaId": "227A4E76-4DBE-419C-B822-907EA1CDD36C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de deserializaci\u00f3n Java de la biblioteca Hazelcast en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10654",
"lastModified": "2024-11-21T03:41:44.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:01.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-24 21:29
Modified
2024-11-21 03:55
Severity ?
Summary
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
"versionEndIncluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost."
},
{
"lang": "es",
"value": "** EN DISPUTA ** La falta de autenticaci\u00f3n en Citrix Xen Mobile hasta la versi\u00f3n 10.8 permite que usuarios locales con pocos privilegios ejecuten comandos del sistema como root realizando peticiones a servicios privados que escuchan en los puertos 8000, 30000 y 30001. NOTA: el fabricante discute que esto sea una vulnerabilidad, indicando que \"ya ha sido mitigado por el firewall interno que limita el acceso a los servicios de configuraci\u00f3n del localhost\"."
}
],
"id": "CVE-2018-18014",
"lastModified": "2024-11-21T03:55:22.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-10-24T21:29:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-17 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX277457 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX277457 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | * | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.10.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.11.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 | |
| citrix | xenmobile_server | 10.12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4492E6-23CD-4162-94F8-B47A64123978",
"versionEndIncluding": "10.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
"matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*",
"matchCriteriaId": "734CD590-7B5E-4067-BDB1-A3780812B619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*",
"matchCriteriaId": "2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
"matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*",
"matchCriteriaId": "954AD540-BAB0-4F96-B123-1E4D408CDB49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
},
{
"lang": "es",
"value": "Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server versi\u00f3n 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite acceso a funcionalidades privilegiadas."
}
],
"id": "CVE-2020-8212",
"lastModified": "2024-11-21T05:38:30.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-17T16:15:13.547",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-23 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX234879 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX234879 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.8 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 | |
| citrix | xenmobile_server | 10.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA68C4BA-7046-4259-B3A3-A161AD5D1650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8:rp1:*:*:*:*:*:*",
"matchCriteriaId": "227A4E76-4DBE-419C-B822-907EA1CDD36C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B3A542-9DF6-4BDD-A98E-80872251804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC728C4-D4A3-4C22-90DE-54410FDF095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenmobile_server:10.7:rp2:*:*:*:*:*:*",
"matchCriteriaId": "1C4AA99F-E4ED-4D27-AA50-0E4D9CCDBE47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
},
{
"lang": "es",
"value": "Hay vulnerabilidades de redirecci\u00f3n abierta en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3."
}
],
"id": "CVE-2018-10651",
"lastModified": "2024-11-21T03:41:44.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T17:29:00.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX234879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}