
CVE-2023-3467
https://notcve.org/view.php?id=CVE-2023-3467
19 Jul 2023 — Privilege Escalation to root administrator (nsroot) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-269: Improper Privilege Management •

CVE-2023-3466
https://notcve.org/view.php?id=CVE-2023-3466
19 Jul 2023 — Reflected Cross-Site Scripting (XSS) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-3519 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-3519
19 Jul 2023 — Unauthenticated remote code execution. Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for unauthenticated remote code execution. • https://packetstorm.news/files/id/173997 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management •

CVE-2023-24489 – Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2023-24489
10 Jul 2023 — A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. • https://github.com/codeb0ss/CVE-2023-24489-PoC • CWE-284: Improper Access Control •

CVE-2023-24490 – Users with only access to launch VDA applications can launch an unauthorized desktop
https://notcve.org/view.php?id=CVE-2023-24490
10 Jul 2023 — Users with only access to launch VDA applications can launch an unauthorized desktop • https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 • CWE-284: Improper Access Control •

CVE-2023-24487 – Arbitrary file read
https://notcve.org/view.php?id=CVE-2023-24487
10 Jul 2023 — Arbitrary file read in Citrix ADC and Citrix Gateway • https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-253: Incorrect Check of Function Return Value •

CVE-2023-24488 – Cross site scripting
https://notcve.org/view.php?id=CVE-2023-24488
10 Jul 2023 — Cross site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross site scripting. Citrix ADC and Gateway products are vulnerable to Cross-Site Scripting (XSS) attacks. • https://github.com/NSTCyber/CVE-2023-24488-SIEM-Sigma-Rule • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-24486 – Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications
https://notcve.org/view.php?id=CVE-2023-24486
10 Jul 2023 — A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. • https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486 • CWE-284: Improper Access Control •