CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2022-27505
https://notcve.org/view.php?id=CVE-2022-27505
13 Apr 2022 — Reflected cross site scripting (XSS) Una vulnerabilidad de tipo cross site scripting (XSS) Reflejado • https://support.citrix.com/article/CTX370550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2022-27506
https://notcve.org/view.php?id=CVE-2022-27506
13 Apr 2022 — Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Unas credenciales embebidas permiten a administradores acceder al shell por medio de la CLI de SD-WAN • https://support.citrix.com/article/CTX370550 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22919
https://notcve.org/view.php?id=CVE-2021-22919
05 Aug 2021 — A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed. Se ha detectado una vulnerabilidad en Citrix ADC (conocido anteriormente como NetScaler ADC) y Citrix Gateway (conocido anteriormente como NetScaler Gateway), y en los... • https://support.citrix.com/article/CTX319135 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1CVE-2020-8196 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8196
10 Jul 2020 — Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulg... • https://packetstorm.news/files/id/160047 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 85%CPEs: 21EXPL: 2CVE-2020-8195 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8195
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en u... • https://packetstorm.news/files/id/160047 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2020-8198
https://notcve.org/view.php?id=CVE-2020-8198
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una vulnerabilidad de ... • https://support.citrix.com/article/CTX276688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 97%CPEs: 20EXPL: 0CVE-2020-8194
https://notcve.org/view.php?id=CVE-2020-8194
10 Jul 2020 — Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. Una inyección de código reflejado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite la modificación de una descarga de a... • https://support.citrix.com/article/CTX276688 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 96%CPEs: 20EXPL: 7CVE-2020-8193 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8193
10 Jul 2020 — Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un acceso no autenticado a... • https://packetstorm.news/files/id/160047 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2020-8191
https://notcve.org/view.php?id=CVE-2020-8191
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). Una comprobación de entrada inapropiada en versiones de Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un ataque de ti... • https://support.citrix.com/article/CTX276688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •