CVE-2022-27513 – Remote desktop takeover via phishing
https://notcve.org/view.php?id=CVE-2022-27513
Remote desktop takeover via phishing Adquisición de escritorio remoto mediante phishing • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-27509 – Unauthenticated redirection to a malicious website
https://notcve.org/view.php?id=CVE-2022-27509
Unauthenticated redirection to a malicious website Un redireccionamiento no autenticado a un sitio web malicioso • https://support.citrix.com/article/CTX457836 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-21827
https://notcve.org/view.php?id=CVE-2022-21827
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. Se ha detectado una vulnerabilidad de privilegio inapropiado en Citrix Gateway Plug-in para Windows (Citrix Secure Access para Windows) versiones anteriores a 21.9.1.2, que podría permitir a un atacante que haya obtenido acceso local a un equipo con Citrix Gateway Plug-in instalado, corromper o eliminar archivos como SYSTEM • https://support.citrix.com/article/CTX341455 • CWE-269: Improper Privilege Management •
CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNIP con acceso a la interfaz de administración causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-22955
https://notcve.org/view.php?id=CVE-2021-22955
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de denegación de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) o AAA, podría permitir a un atacante causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •