Filtered by vendor Citrix Subscriptions
Total 423 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8195 1 Citrix 12 4000-wo, 4100-wo, 5000-wo and 9 more 2024-11-21 6.5 Medium
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVE-2020-8194 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.5 Medium
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
CVE-2020-8193 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.5 Medium
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVE-2020-8191 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.1 Medium
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
CVE-2020-8190 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 7.5 High
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-8187 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more 2024-11-21 7.5 High
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
CVE-2020-7473 1 Citrix 1 Sharefile Storagezones Controller 2024-11-21 7.5 High
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
CVE-2020-6175 1 Citrix 2 Citrix Sd-wan Center, Netscaler Sd-wan Center 2024-11-21 5.9 Medium
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.
CVE-2020-13998 1 Citrix 1 Xenapp 2024-11-21 5.3 Medium
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-13885 1 Citrix 1 Workspace App 2024-11-21 7.8 High
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
CVE-2020-13884 1 Citrix 1 Workspace App 2024-11-21 7.8 High
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
CVE-2020-10112 1 Citrix 1 Gateway Firmware 2024-11-21 5.4 Medium
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default
CVE-2020-10111 1 Citrix 1 Gateway Firmware 2024-11-21 7.5 High
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization
CVE-2020-10110 1 Citrix 1 Gateway Firmware 2024-11-21 5.3 Medium
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive
CVE-2019-9548 1 Citrix 1 Application Delivery Management 2024-11-21 N/A
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
CVE-2019-7218 1 Citrix 1 Sharefile 2024-11-21 N/A
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
CVE-2019-7217 1 Citrix 1 Sharefile 2024-11-21 N/A
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
CVE-2019-6485 1 Citrix 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more 2024-11-21 N/A
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
CVE-2019-19781 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 9.8 Critical
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVE-2019-18225 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 9.8 Critical
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.