CVSS: 9.6EPSS: 0%CPEs: 10EXPL: 0CVE-2022-27513 – Remote desktop takeover via phishing
https://notcve.org/view.php?id=CVE-2022-27513
Remote desktop takeover via phishing Adquisición de escritorio remoto mediante phishing • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2022-27509 – Unauthenticated redirection to a malicious website
https://notcve.org/view.php?id=CVE-2022-27509
Unauthenticated redirection to a malicious website Un redireccionamiento no autenticado a un sitio web malicioso • https://support.citrix.com/article/CTX457836 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22920
https://notcve.org/view.php?id=CVE-2021-22920
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session. Se ha detectado una vulnerabilidad en Citrix ADC (antes conocido como NetScaler ADC) y Citrix Gateway (antes conocido como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. Estas vulnerabilidades, si son explotadas, podrían conllevar a un ataque de phishing mediante un secuestro de autenticación SAML para robar una sesión de usuario válida • https://support.citrix.com/article/CTX319135 • CWE-284: Improper Access Control •