CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-8210
https://notcve.org/view.php?id=CVE-2020-8210
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. Protección insuficiente de secretos en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, revela unas credenciales de una cuenta de servicio. • https://support.citrix.com/article/CTX277457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 96%CPEs: 18EXPL: 1CVE-2020-8209
https://notcve.org/view.php?id=CVE-2020-8209
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. Un control de acceso inapropiado en Citrix XenMobile Server versiones 10.12 anteriores a RP2, Citrix XenMobile Server versiones 10.11 anteriores a RP4, Citrix XenMobile Server versiones 10.10 anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5 y conlleva a una habilidad de leer archivos arbitrarios. • https://github.com/B1anda0/CVE-2020-8209 https://support.citrix.com/article/CTX277457 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2020-8208
https://notcve.org/view.php?id=CVE-2020-8208
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). Una comprobación de entrada inapropiada en Citrix XenMobile Server versiones 10.12 anteriores a RP1, Citrix XenMobile Server versiones 10.11 anteriores a RP4, Citrix XenMobile Server versiones 10.11 anteriores a RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite un ataque de tipo Cross-Site Scripting (XSS). • https://support.citrix.com/article/CTX277457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8207
https://notcve.org/view.php?id=CVE-2020-8207
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Un control de acceso inapropiado en la aplicación Citrix Workspace para Windows versiones 1912 CU1 y 2006.1, causa una escalada de privilegios y una ejecución del código cuando el servicio de actualización automática es ejecutado • https://support.citrix.com/article/CTX277662 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8199
https://notcve.org/view.php?id=CVE-2020-8199
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. Un control de acceso inapropiado en el cliente de Citrix ADC Gateway Linux versiones anteriores a 1.0.0.137, resulta en una escalada de privilegios locales a root • https://support.citrix.com/article/CTX276688 •