
CVE-2023-24487 – Arbitrary file read
https://notcve.org/view.php?id=CVE-2023-24487
10 Jul 2023 — Arbitrary file read in Citrix ADC and Citrix Gateway • https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-253: Incorrect Check of Function Return Value

CVE-2023-24488 – Cross site scripting
https://notcve.org/view.php?id=CVE-2023-24488
10 Jul 2023 — Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting. • https://github.com/NSTCyber/CVE-2023-24488-SIEM-Sigma-Rule • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-27507 – Authenticated denial of service
https://notcve.org/view.php?id=CVE-2022-27507
24 Jan 2023 — Authenticated denial of service • https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508 • CWE-400: Uncontrolled Resource Consumption

CVE-2019-18177
https://notcve.org/view.php?id=CVE-2019-18177
26 Dec 2022 — In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. • https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update

CVE-2022-27516 – User login brute force protection functionality bypass
https://notcve.org/view.php?id=CVE-2022-27516
08 Nov 2022 — User login brute force protection functionality bypass • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-307: Improper Restriction of Excessive Authentication Attempts • CWE-693: Protection Mechanism Failure

CVE-2022-27510 – Unauthorized access to Gateway user capabilities
https://notcve.org/view.php?id=CVE-2022-27510
08 Nov 2022 — Unauthorized access to Gateway user capabilities • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-287: Improper Authentication • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2022-27513 – Remote desktop takeover via phishing
https://notcve.org/view.php?id=CVE-2022-27513
08 Nov 2022 — Remote desktop takeover via phishing • https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 • CWE-345: Insufficient Verification of Data Authenticity

CVE-2022-27509 – Unauthenticated redirection to a malicious website
https://notcve.org/view.php?id=CVE-2022-27509
28 Jul 2022 — Unauthenticated redirection to a malicious website • https://support.citrix.com/article/CTX457836 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
07 Dec 2021 — An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption

CVE-2021-22955
https://notcve.org/view.php?id=CVE-2021-22955
07 Dec 2021 — An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that, when configured as a VPN (Gateway) or AAA virtual server, could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption