18 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Arbitrary file read in Citrix ADC and Citrix Gateway • https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-253: Incorrect Check of Function Return Value •

CVSS: 6.1EPSS: 7%CPEs: 8EXPL: 5

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting Los productos ADC y Gateway de Citrix son vulnerables a ataques de tipo Cross-Site Scripting (XSS). • https://github.com/NSTCyber/CVE-2023-24488-SIEM-Sigma-Rule https://github.com/raytheon0x21/CVE-2023-24488 https://github.com/securitycipher/CVE-2023-24488 https://github.com/Abo5/CVE-2023-24488 https://github.com/SirBugs/CVE-2023-24488-PoC https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Authenticated denial of service Denegación de servicio autenticada • https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgación de información cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualización CTX276688. • https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

User login brute force protection functionality bypass Omisión de la funcionalidad de protección de fuerza bruta de inicio de sesión de usuario • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-693: Protection Mechanism Failure •