CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26355 – Citrix Federated Authentication Service (FAS)
https://notcve.org/view.php?id=CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. Citrix Federated Authentication Service (FAS) versiones 7.17 - 10.6, causa que las implementaciones que han sido configuradas para almacenar la clave privada de un certificado de autoridad de registro en un módulo de plataforma confiable (TPM) almacenen incorrectamente esa clave en el proveedor de almacenamiento de claves de software de Microsoft (MSKSP). Este problema sólo es producida cuando fue usado PowerShell al configurar FAS para almacenar la clave privada del certificado de autoridad de registro en el TPM. • https://support.citrix.com/article/CTX341587 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21825
https://notcve.org/view.php?id=CVE-2022-21825
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. Se presenta una vulnerabilidad de control de acceso inapropiado en Citrix Workspace App for Linux 2012 - 2111 con App Protection instalado que puede permitir a un atacante llevar a cabo una escalada de privilegios local • https://support.citrix.com/article/CTX338435 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNIP con acceso a la interfaz de administración causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-22955
https://notcve.org/view.php?id=CVE-2021-22955
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de denegación de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) o AAA, podría permitir a un atacante causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2021-22941 – Citrix ShareFile Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-22941
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Un control de acceso inapropiado en Citrix ShareFile storage zones controller versiones anteriores a 5.11.20, podría permitir a un atacante no autenticado comprometer remotamente el controlador de zonas de almacenamiento Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. • https://github.com/hoavt184/CVE-2021-22941 https://support.citrix.com/article/CTX328123 • CWE-284: Improper Access Control •