Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for application_delivery_controller by citrix
CVE-2023-24487 (GCVE-0-2023-24487)
Vulnerability from cvelistv5 – Published: 2023-07-10 20:51 – Updated: 2024-10-25 19:51
VLAI
Title
Arbitrary file read
Summary
Arbitrary file read in Citrix ADC and Citrix Gateway
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citrix | Citrix ADC and Citrix Gateway |
Affected:
13.1 , < 13.1-45.61
(patch)
Affected: 13.0 , < 13.0-90.11 (patch) Affected: 12.1 , < 12.1-65.35 (patch) Affected: 12.1-FIPS , < 12.1-55.296 (patch) Affected: 13.1-FIPS , < 13.1-37.150 (patch) Affected: 12.1-NDcPP , < 12.1-55.296 (patch) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:50:23.444707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:51:04.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix ADC and Citrix Gateway\u202f",
"vendor": "Citrix",
"versions": [
{
"lessThan": "13.1-45.61 ",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "13.0-90.11\u202f",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "12.1-65.35",
"status": "affected",
"version": "12.1",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "13.1-37.150 ",
"status": "affected",
"version": "13.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArbitrary file read\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\u202f"
}
],
"value": "Arbitrary file read\u00a0in Citrix ADC and Citrix Gateway\u202f"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:51:59.630Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24487",
"datePublished": "2023-07-10T20:51:59.630Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-10-25T19:51:04.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24488 (GCVE-0-2023-24488)
Vulnerability from cvelistv5 – Published: 2023-07-10 20:41 – Updated: 2024-10-25 19:51
VLAI
KEVintel KEV
Title
Cross site scripting
Summary
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citrix | Citrix ADC and Citrix Gateway |
Affected:
13.1 , < 13.1-45.61
(patch)
Affected: 13.0 , < 13.0-90.11 (patch) Affected: 12.1 , < 12.1-65.35 (patch) Affected: 12.1-FIPS , < 12.1-55.296 (patch) Affected: 13.1-FIPS , < 13.1-37.150 (patch) Affected: 12.1-NDcPP , < 12.1-55.296 (patch) |
Date Public
2023-05-09 19:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:50:27.509927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:51:19.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix ADC and Citrix Gateway\u202f",
"vendor": "Citrix",
"versions": [
{
"lessThan": "13.1-45.61 ",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "13.0-90.11\u202f",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "12.1-65.35",
"status": "affected",
"version": "12.1",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "13.1-37.150 ",
"status": "affected",
"version": "13.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2023-05-09T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCross site scripting vulnerability\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\u202f\u0026nbsp;in allows and attacker to perform cross site scripting"
}
],
"value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:41:53.469Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24488",
"datePublished": "2023-07-10T20:41:31.248Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-10-25T19:51:19.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27508 (GCVE-0-2022-27508)
Vulnerability from cvelistv5 – Published: 2023-01-24 00:00 – Updated: 2025-04-01 17:52
VLAI
Title
Unauthenticated denial of service
Summary
Unauthenticated denial of service
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citirx | Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway |
Affected:
12.1-64.16
|
Date Public
2022-05-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T17:52:07.205888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T17:52:55.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"status": "affected",
"version": "12.1-64.16"
}
]
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated denial of service"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated denial of service ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27508",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T17:52:55.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27507 (GCVE-0-2022-27507)
Vulnerability from cvelistv5 – Published: 2023-01-24 00:00 – Updated: 2025-04-01 18:40
VLAI
Title
Authenticated denial of service
Summary
Authenticated denial of service
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citirx | Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway |
Affected:
13.1 , < 13.1-21.50
(custom)
Affected: 13.0 , < 13.0-85.19 (custom) Affected: 12.1 , < 12.1-64.17 (custom) Affected: 12.1 FIPS , < 12.1-55.278 (custom) Affected: 12.1 NDcPP , < 12.1-55.278 (custom) |
Date Public
2022-05-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:57.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:35:32.119246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:40:48.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"lessThan": "13.1-21.50",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "13.0-85.19",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "12.1-64.17\u202f ",
"status": "affected",
"version": "12.1",
"versionType": "custom"
},
{
"lessThan": "12.1-55.278",
"status": "affected",
"version": "12.1 FIPS",
"versionType": "custom"
},
{
"lessThan": "12.1-55.278",
"status": "affected",
"version": "12.1 NDcPP",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated denial of service"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated denial of service ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27507",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T18:40:48.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24487 (GCVE-0-2023-24487)
Vulnerability from nvd – Published: 2023-07-10 20:51 – Updated: 2024-10-25 19:51
VLAI
Title
Arbitrary file read
Summary
Arbitrary file read in Citrix ADC and Citrix Gateway
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citrix | Citrix ADC and Citrix Gateway |
Affected:
13.1 , < 13.1-45.61
(patch)
Affected: 13.0 , < 13.0-90.11 (patch) Affected: 12.1 , < 12.1-65.35 (patch) Affected: 12.1-FIPS , < 12.1-55.296 (patch) Affected: 13.1-FIPS , < 13.1-37.150 (patch) Affected: 12.1-NDcPP , < 12.1-55.296 (patch) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:50:23.444707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:51:04.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix ADC and Citrix Gateway\u202f",
"vendor": "Citrix",
"versions": [
{
"lessThan": "13.1-45.61 ",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "13.0-90.11\u202f",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "12.1-65.35",
"status": "affected",
"version": "12.1",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "13.1-37.150 ",
"status": "affected",
"version": "13.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArbitrary file read\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\u202f"
}
],
"value": "Arbitrary file read\u00a0in Citrix ADC and Citrix Gateway\u202f"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:51:59.630Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24487",
"datePublished": "2023-07-10T20:51:59.630Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-10-25T19:51:04.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24488 (GCVE-0-2023-24488)
Vulnerability from nvd – Published: 2023-07-10 20:41 – Updated: 2024-10-25 19:51
VLAI
KEVintel KEV
Title
Cross site scripting
Summary
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citrix | Citrix ADC and Citrix Gateway |
Affected:
13.1 , < 13.1-45.61
(patch)
Affected: 13.0 , < 13.0-90.11 (patch) Affected: 12.1 , < 12.1-65.35 (patch) Affected: 12.1-FIPS , < 12.1-55.296 (patch) Affected: 13.1-FIPS , < 13.1-37.150 (patch) Affected: 12.1-NDcPP , < 12.1-55.296 (patch) |
Date Public
2023-05-09 19:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:50:27.509927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:51:19.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix ADC and Citrix Gateway\u202f",
"vendor": "Citrix",
"versions": [
{
"lessThan": "13.1-45.61 ",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "13.0-90.11\u202f",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "12.1-65.35",
"status": "affected",
"version": "12.1",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "13.1-37.150 ",
"status": "affected",
"version": "13.1-FIPS ",
"versionType": "patch"
},
{
"lessThan": "12.1-55.296",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2023-05-09T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCross site scripting vulnerability\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\u202f\u0026nbsp;in allows and attacker to perform cross site scripting"
}
],
"value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:41:53.469Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24488",
"datePublished": "2023-07-10T20:41:31.248Z",
"dateReserved": "2023-01-24T15:49:52.579Z",
"dateUpdated": "2024-10-25T19:51:19.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27508 (GCVE-0-2022-27508)
Vulnerability from nvd – Published: 2023-01-24 00:00 – Updated: 2025-04-01 17:52
VLAI
Title
Unauthenticated denial of service
Summary
Unauthenticated denial of service
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citirx | Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway |
Affected:
12.1-64.16
|
Date Public
2022-05-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T17:52:07.205888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T17:52:55.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"status": "affected",
"version": "12.1-64.16"
}
]
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated denial of service"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated denial of service ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27508",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T17:52:55.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27507 (GCVE-0-2022-27507)
Vulnerability from nvd – Published: 2023-01-24 00:00 – Updated: 2025-04-01 18:40
VLAI
Title
Authenticated denial of service
Summary
Authenticated denial of service
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Citirx | Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway |
Affected:
13.1 , < 13.1-21.50
(custom)
Affected: 13.0 , < 13.0-85.19 (custom) Affected: 12.1 , < 12.1-64.17 (custom) Affected: 12.1 FIPS , < 12.1-55.278 (custom) Affected: 12.1 NDcPP , < 12.1-55.278 (custom) |
Date Public
2022-05-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:57.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:35:32.119246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:40:48.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"lessThan": "13.1-21.50",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "13.0-85.19",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "12.1-64.17\u202f ",
"status": "affected",
"version": "12.1",
"versionType": "custom"
},
{
"lessThan": "12.1-55.278",
"status": "affected",
"version": "12.1 FIPS",
"versionType": "custom"
},
{
"lessThan": "12.1-55.278",
"status": "affected",
"version": "12.1 NDcPP",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authenticated denial of service"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated denial of service ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27507",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T18:40:48.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}