Vulnerability-Lookup

CVE-2020-8209 (GCVE-0-2020-8209)

Vulnerability from cvelistv5 – Published: 2020-08-17 15:37 – Updated: 2024-08-04 09:56

KEVintel KEV

Summary

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Path Traversal (CWE-22)

Assigner

hackerone

References

1 reference

URL	Tags
https://support.citrix.com/article/CTX277457	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Citrix XenMobile Server	Affected: Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 341879d4-5c0f-4998-a7c0-7536889febc7

Vulnerability ID: CVE-2020-8209

Status: Confirmed

Status Updated: 2025-06-14 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-06-14

Asserted: 2025-06-14

Scope

Notes: KEVIntel entry: Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before... | Affected: Citrix / XenMobile Server | CVSS: 7.5 (HIGH) | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...
Vendor	Citrix
Product	XenMobile Server
Added Date	2025-06-14T00:00:00.000Z
Cvss Score	7.5
Epss Score	None
Cvss Severity	HIGH
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-19 12:46 UTC | Updated: 2026-06-19 12:46 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX277457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix XenMobile Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T15:37:15.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX277457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix XenMobile Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal (CWE-22)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX277457",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX277457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8209",
    "datePublished": "2020-08-17T15:37:15.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:56:27.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-8209",
      "date": "2026-06-20",
      "epss": "0.48656",
      "percentile": "0.98721"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.8.0\", \"matchCriteriaId\": \"7CA09036-632C-43B1-905D-9C0791741175\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A7F5AB-EBFF-4178-A453-E15DE705297E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"694A17F8-C261-4980-9599-0FD10FE28B29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA372FE3-5F64-4578-B7EF-D5858A09A2CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A620E08-F0EA-4132-8D2F-8D1DD284DD16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"90CBB0DC-9216-4224-B1C7-B852990FE2FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D13600BB-D45D-4EE0-BE08-C9AB9778E42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FCF41C7-62BC-4DF4-8A38-4E727E492CEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"65AD3824-ABE8-4FD2-B201-C11E7D11E938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E2CC054-2FC3-4C68-A3AB-411382CD1332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABD3BDF2-39B2-4C5C-A647-406142363632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"88FF116A-5E98-402D-901D-F4A91006722B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"33335E33-AAE8-4DAB-85B7-6B376993EC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"50F4279F-C878-4684-9DA7-0C9FDE213D6A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.\"}, {\"lang\": \"es\", \"value\": \"Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11  anteriores a RP4, Citrix XenMobile Server versiones 10.10  anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5 y conlleva a una habilidad de leer archivos arbitrarios.\"}]",
      "id": "CVE-2020-8209",
      "lastModified": "2024-11-21T05:38:30.537",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-17T16:15:13.343",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX277457\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX277457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8209\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-08-17T16:15:13.343\",\"lastModified\":\"2024-11-21T05:38:30.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.\"},{\"lang\":\"es\",\"value\":\"Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11  anteriores a RP4, Citrix XenMobile Server versiones 10.10  anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5 y conlleva a una habilidad de leer archivos arbitrarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.8.0\",\"matchCriteriaId\":\"7CA09036-632C-43B1-905D-9C0791741175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A7F5AB-EBFF-4178-A453-E15DE705297E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"694A17F8-C261-4980-9599-0FD10FE28B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA372FE3-5F64-4578-B7EF-D5858A09A2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A620E08-F0EA-4132-8D2F-8D1DD284DD16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"90CBB0DC-9216-4224-B1C7-B852990FE2FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13600BB-D45D-4EE0-BE08-C9AB9778E42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCF41C7-62BC-4DF4-8A38-4E727E492CEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AD3824-ABE8-4FD2-B201-C11E7D11E938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E2CC054-2FC3-4C68-A3AB-411382CD1332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD3BDF2-39B2-4C5C-A647-406142363632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"88FF116A-5E98-402D-901D-F4A91006722B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"33335E33-AAE8-4DAB-85B7-6B376993EC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F4279F-C878-4684-9DA7-0C9FDE213D6A\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX277457\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX277457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Endpoint Management. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	XenMobile Server 10.10, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server versions antérieures à 10.9 RP5
Citrix	N/A	XenMobile Server 10.11, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server 10.12, si le correctif RP3 est appliqué, l'impact est moins sévère

References

Title

Publication Time

CERTFR-2020-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Endpoint Management. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	XenMobile Server 10.10, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server versions antérieures à 10.9 RP5
Citrix	N/A	XenMobile Server 10.11, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server 10.12, si le correctif RP3 est appliqué, l'impact est moins sévère

References

Title

Publication Time

BDU:2021-01794

Vulnerability from fstec - Published: 17.08.2020

Title

Уязвимость сервера системы управления корпоративными мобильными устройствами Citrix XenMobile Server, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость сервера системы управления корпоративными мобильными устройствами Citrix XenMobile Server связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Citrix Systems Inc.

Software Name

Citrix XenMobile Server

Software Version

до 10.10 RP6 (Citrix XenMobile Server), до 10.11 RP4 (Citrix XenMobile Server), до 10.12 RP2 (Citrix XenMobile Server), до 10.8.0 включительно (Citrix XenMobile Server), до 10.9 RP5 (Citrix XenMobile Server)

Possible Mitigations

Использование рекомендаций: https://support.citrix.com/article/CTX277457

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8209 https://support.citrix.com/article/CTX277457

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Citrix Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 10.10 RP6 (Citrix XenMobile Server), \u0434\u043e 10.11 RP4 (Citrix XenMobile Server), \u0434\u043e 10.12 RP2 (Citrix XenMobile Server), \u0434\u043e 10.8.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Citrix XenMobile Server), \u0434\u043e 10.9 RP5 (Citrix XenMobile Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.citrix.com/article/CTX277457",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.08.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.04.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.04.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01794",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8209",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Citrix XenMobile Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 Citrix XenMobile Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 Citrix XenMobile Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2020-8209\nhttps://support.citrix.com/article/CTX277457",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2020-50156

Vulnerability from cnvd - Published: 2020-09-03

Title

Citrix Systems XenMobile Server路径遍历漏洞

Description

Citrix Systems XenMobile Server是美国思杰系统（Citrix Systems）公司的一套移动管理解决方案。该方案能够管理移动设备、制定移动策略和合规性规则、深入了解移动移动网络运行情况等。 Citrix Systems XenMobile Server中存在路径遍历漏洞。攻击者可利用该漏洞读取正在运行应用程序的服务器上的任意文件。

Severity

中

Patch Name

Citrix Systems XenMobile Server路径遍历漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.citrix.com/article/CTX277457

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8209

Impacted products

Name
['Citrix Systems XenMobile Server <10.10 RP6', 'Citrix Systems XenMobile Server <10.9 RP5', 'Citrix Systems XenMobile Server <10.12 RP2', 'Citrix Systems XenMobile Server <10.11 RP4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8209"
    }
  },
  "description": "Citrix Systems XenMobile Server\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u79fb\u52a8\u8bbe\u5907\u3001\u5236\u5b9a\u79fb\u52a8\u7b56\u7565\u548c\u5408\u89c4\u6027\u89c4\u5219\u3001\u6df1\u5165\u4e86\u89e3\u79fb\u52a8\u79fb\u52a8\u7f51\u7edc\u8fd0\u884c\u60c5\u51b5\u7b49\u3002\n\nCitrix Systems XenMobile Server\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6b63\u5728\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.citrix.com/article/CTX277457",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-50156",
  "openTime": "2020-09-03",
  "patchDescription": "Citrix Systems XenMobile Server\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u79fb\u52a8\u8bbe\u5907\u3001\u5236\u5b9a\u79fb\u52a8\u7b56\u7565\u548c\u5408\u89c4\u6027\u89c4\u5219\u3001\u6df1\u5165\u4e86\u89e3\u79fb\u52a8\u79fb\u52a8\u7f51\u7edc\u8fd0\u884c\u60c5\u51b5\u7b49\u3002\r\n\r\nCitrix Systems XenMobile Server\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6b63\u5728\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix Systems XenMobile Server\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems XenMobile Server \u003c10.10 RP6",
      "Citrix Systems XenMobile Server \u003c10.9 RP5",
      "Citrix Systems XenMobile Server \u003c10.12 RP2",
      "Citrix Systems XenMobile Server \u003c10.11 RP4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8209",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-14",
  "title": "Citrix Systems XenMobile Server\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

FKIE_CVE-2020-8209

Vulnerability from fkie_nvd - Published: 2020-08-17 16:15 - Updated: 2026-06-17 03:26

KEVintel KEV

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	support@hackerone.com	https://support.citrix.com/article/CTX277457	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX277457	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	xenmobile_server	*
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.12.0
citrix	xenmobile_server	10.12.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Citrix XenMobile Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
            }
          ]
        }
      ],
      "source": "support@hackerone.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
              "versionEndIncluding": "10.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
              "matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
    },
    {
      "lang": "es",
      "value": "Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11  anteriores a RP4, Citrix XenMobile Server versiones 10.10  anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5 y conlleva a una habilidad de leer archivos arbitrarios."
    }
  ],
  "id": "CVE-2020-8209",
  "lastModified": "2026-06-17T03:26:03.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-17T16:15:13.343",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX277457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FX75-7XMM-5HM3

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8209"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.",
  "id": "GHSA-fx75-7xmm-5hm3",
  "modified": "2022-05-24T17:26:05Z",
  "published": "2022-05-24T17:26:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8209"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-8209

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8209

Aliases

CVE-2020-8209

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8209",
    "description": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.",
    "id": "GSD-2020-8209"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8209"
      ],
      "details": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.",
      "id": "GSD-2020-8209",
      "modified": "2023-12-13T01:21:53.509360Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2020-8209",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix XenMobile Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Citrix XenMobile Server 10.12 RP2, Citrix XenMobile Server 10.11 RP4, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Path Traversal (CWE-22)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX277457",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX277457"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2020-8209"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX277457",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX277457"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-20T15:41Z",
      "publishedDate": "2020-08-17T16:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8209 (GCVE-0-2020-8209)

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

CERTFR-2020-AVI-492

Solution

CERTFR-2020-AVI-492

Solution

BDU:2021-01794

CNVD-2020-50156

FKIE_CVE-2020-8209

GHSA-FX75-7XMM-5HM3

GSD-2020-8209

Tags

Sightings

Nomenclature