
CVSS: 6.5 • EPSS: 0% • CPEs: 24 • EXPL: 0

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. • https://support.citrix.com/article/CTX297155 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.5 • EPSS: 0% • CPEs: 20 • EXPL: 1

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. • https://github.com/stuartcarroll/CitrixADC-CVE-2020-8300 • https://support.citrix.com/article/CTX297155 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. • https://support.citrix.com/article/CTX316690 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 that may allow unauthenticated remote compromise of the Storage Zones Controller. • https://support.citrix.com/article/CTX310780 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An improper access control vulnerability in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. • https://support.citrix.com/article/CTX307794 • CWE-284: Improper Access Control