CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18177
https://notcve.org/view.php?id=CVE-2019-18177
26 Dec 2022 — In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgación de información cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualización CTX276688. • https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
07 Dec 2021 — An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNI... • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-22955
https://notcve.org/view.php?id=CVE-2021-22955
07 Dec 2021 — A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de denegación de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) ... • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8197
https://notcve.org/view.php?id=CVE-2020-8197
10 Jul 2020 — Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. Una vulnerabilidad de escalada de privilegios en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18, permite a un usuario poco privilegiado con acceso de administración ejecutar comandos arbitrarios • https://support.citrix.com/article/CTX276688 •
CVSS: 6.5EPSS: 63%CPEs: 20EXPL: 1CVE-2020-8196 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8196
10 Jul 2020 — Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulg... • https://packetstorm.news/files/id/160047 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 85%CPEs: 21EXPL: 2CVE-2020-8195 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8195
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en u... • https://packetstorm.news/files/id/160047 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2020-8198
https://notcve.org/view.php?id=CVE-2020-8198
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una vulnerabilidad de ... • https://support.citrix.com/article/CTX276688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 79%CPEs: 20EXPL: 0CVE-2020-8194
https://notcve.org/view.php?id=CVE-2020-8194
10 Jul 2020 — Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. Una inyección de código reflejado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite la modificación de una descarga de a... • https://support.citrix.com/article/CTX276688 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 94%CPEs: 20EXPL: 7CVE-2020-8193 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8193
10 Jul 2020 — Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un acceso no autenticado a... • https://packetstorm.news/files/id/160047 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 90%CPEs: 20EXPL: 0CVE-2020-8191
https://notcve.org/view.php?id=CVE-2020-8191
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). Una comprobación de entrada inapropiada en versiones de Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un ataque de ti... • https://support.citrix.com/article/CTX276688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •