Vulnerabilities related to citrix - application_delivery_management
Vulnerability from fkie_nvd
Published
2019-06-05 17:29
Modified
2024-11-21 04:51
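Severity: CRITICAL (CVSS 3.0 base score 10.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVSS 2.0 base score 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P; source nvd@nist.gov)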
Summary
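Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. (Note: the NVD CPE configuration in this record uses versionEndIncluding 12.1.50.33, so it also matches the build this description names as the fix boundary, and it adds a 13.0 cloud range up to 13.0.33.23 that the description does not mention. Confirm the fixed builds against the vendor advisory CTX247738 before relying on either range for scanning or patch verification.)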
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | application_delivery_management | * | |
citrix | application_delivery_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "1011A8F7-67E0-4F94-968E-50C8D33142D4", "versionEndIncluding": "12.1.50.33", "versionStartIncluding": "12.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "71A353D9-68CE-4738-B182-66B080B2A1CD", "versionEndIncluding": "13.0.33.23", "versionStartIncluding": "13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control." }, { "lang": "es", "value": "Citrix Application Delivery Management (ADM) 12.1.x antes de 12.1.50.33 tiene un control de acceso incorrecto." } ], "id": "CVE-2019-9548", "lastModified": "2024-11-21T04:51:50.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] 
}, "published": "2019-06-05T17:29:00.757", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX247738" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX247738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-16 19:15
Modified
2024-11-21 06:55
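Severity: MEDIUM (CVSS 3.1 base score 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVSS 2.0 base score 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov)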
Summary
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | application_delivery_management | * | |
citrix | application_delivery_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC11B29-AF64-4FE8-96BD-6022C9D05E33", "versionEndExcluding": "13.0-85.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A59B4F8-E3A4-41E7-AD9A-79ED1F2AD826", "versionEndExcluding": "13.1-21.53", "versionStartIncluding": "13.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM." }, { "lang": "es", "value": "Una Interrupci\u00f3n temporal del servicio de licencias de ADM. El impacto de esto incluye impedir que sean emitidas o renueven nuevas licencias por parte de Citrix ADM" } ], "id": "CVE-2022-27512", "lastModified": "2024-11-21T06:55:52.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-16T19:15:07.830", "references": [ { "source": "secure@citrix.com", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-664" } ], "source": "secure@citrix.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-16 19:15
Modified
2024-11-21 06:55
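Severity: HIGH (CVSS 3.1 base score 8.1, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:C/A:N; source nvd@nist.gov)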
Summary
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | application_delivery_management | * | |
citrix | application_delivery_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC11B29-AF64-4FE8-96BD-6022C9D05E33", "versionEndExcluding": "13.0-85.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A59B4F8-E3A4-41E7-AD9A-79ED1F2AD826", "versionEndExcluding": "13.1-21.53", "versionStartIncluding": "13.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted." }, { "lang": "es", "value": "Una corrupci\u00f3n del sistema por parte de un usuario remoto no autenticado. El impacto de esto puede incluir el restablecimiento de la contrase\u00f1a de administrador en el siguiente reinicio del dispositivo, permitiendo a un atacante con acceso ssh conectarse con las credenciales de administrador por defecto despu\u00e9s de que el dispositivo se haya reiniciado" } ], "id": "CVE-2022-27511", "lastModified": "2024-11-21T06:55:52.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-16T19:15:07.773", "references": [ { "source": "secure@citrix.com", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "secure@citrix.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
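Severity: MEDIUM (CVSS 3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N; CVSS 2.0 base score 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N; source nvd@nist.gov)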
Summary
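A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session. (Note: this description names Citrix ADC, Citrix Gateway and SD-WAN WANOP, while the NVD CPE list in this record names application_delivery_management and gateway. Treat the product mapping as uncertain and confirm the affected products and builds against the vendor advisory CTX319135.)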
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX319135 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319135 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | application_delivery_management | 12.1-62.25 | |
citrix | application_delivery_management | 13.0-82.42 | |
citrix | gateway | 12.1-62.25 | |
citrix | gateway | 13.0-82.42 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "DE311F5F-CD6A-4539-9941-B7F301BD29C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "ECDB150A-DC10-4C05-A75A-5EA94E3AE84D", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:gateway:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "20180A94-DDD7-4EC0-9636-158B935B0938", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:gateway:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "3FF01A30-0E92-43CD-B1BE-B2051EF7B0A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad en Citrix ADC (antes conocido como NetScaler ADC) y Citrix Gateway (antes conocido como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. 
Estas vulnerabilidades, si son explotadas, podr\u00edan conllevar a un ataque de phishing mediante un secuestro de autenticaci\u00f3n SAML para robar una sesi\u00f3n de usuario v\u00e1lida" } ], "id": "CVE-2021-22920", "lastModified": "2024-11-21T05:50:55.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-05T21:15:11.083", "references": [ { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX319135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX319135" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 22:15
Modified
2024-11-21 04:32
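Severity: HIGH (CVSS 3.1 base score 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P; source nvd@nist.gov)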
Summary
Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://support.citrix.com/article/CTX261735 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX261735 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_48.18:*:*:*:*:*:*", "matchCriteriaId": "2D09CA8D-8FE1-4B2B-AFE4-E7BC663EE50D", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_49.23:*:*:*:*:*:*", "matchCriteriaId": "C6F04B12-BD61-450E-BF8C-648EAEA6AF1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_49.37:*:*:*:*:*:*", "matchCriteriaId": "7882FE22-7F57-421D-A172-103527694020", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_50.28:*:*:*:*:*:*", "matchCriteriaId": "2545A641-0F93-4AB1-8F8A-F9D326492CBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_50.30:*:*:*:*:*:*", "matchCriteriaId": "F174AA81-F210-44EA-B4C6-05122A54317B", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_50.33:*:*:*:*:*:*", "matchCriteriaId": "F752DD26-9C19-4E5A-AAAA-A7B522EC71F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_50.39:*:*:*:*:*:*", "matchCriteriaId": "74DD7ADA-2814-45CE-9EA3-23E5B2FE872D", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_50.43:*:*:*:*:*:*", "matchCriteriaId": "C2155AF8-D731-43BE-9CF1-47AAA486E170", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_52.15:*:*:*:*:*:*", "matchCriteriaId": "DA091826-FBE5-4E3A-9BED-985D956C8EC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1:build_53.12:*:*:*:*:*:*", "matchCriteriaId": "7722E428-9533-4190-826F-364D5E4E06F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:application_delivery_management:13.0:*:*:*:cloud:*:*:*", "matchCriteriaId": "5F604C5D-FF0A-43E7-A9B4-17E011F5E3B2", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control." }, { "lang": "es", "value": "Citrix Application Delivery Management (ADM) versi\u00f3n 12.1 anterior a build 54.13, presenta un Control de Acceso Incorrecto." } ], "id": "CVE-2019-17366", "lastModified": "2024-11-21T04:32:11.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T22:15:10.733", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX261735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.citrix.com/article/CTX261735" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2021-22920
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX319135 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Citrix ADC, Citrix Gateway |
Version: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Version: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:25.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX319135" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix ADC, Citrix Gateway", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0" }, { "status": "affected", "version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control - Generic (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:16:49", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX319135" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22920", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix ADC, Citrix Gateway", "version": { "version_data": [ { "version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0" }, { "version_value": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control - Generic (CWE-284)" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX319135", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX319135" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22920", "datePublished": "2021-08-05T20:16:49", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:25.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17366
Vulnerability from cvelistv5
Published
2019-10-09 21:12
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX261735 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX261735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T21:12:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX261735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX261735", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX261735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17366", "datePublished": "2019-10-09T21:12:28", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9548
Vulnerability from cvelistv5
Published
2019-06-05 16:20
Modified
2024-08-04 21:54
Severity ?
EPSS score ?
Summary
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin | x_refsource_MISC | |
https://support.citrix.com/article/CTX247738 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:44.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX247738" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-05T16:20:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX247738" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin", "refsource": "MISC", "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin" }, { "name": "https://support.citrix.com/article/CTX247738", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX247738" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9548", "datePublished": "2019-06-05T16:20:43", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27511
Vulnerability from cvelistv5
Published
2022-06-16 18:53
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Citrix | Citrix Application Delivery Management (Citrix ADM) |
Version: unspecified < 13.1-21.53 Version: unspecified < 13.0-85.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:59.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Application Delivery Management (Citrix ADM)", "vendor": "Citrix", "versions": [ { "lessThan": "13.1-21.53", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "13.0-85.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-16T18:53:14", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "source": { "discovery": "UNKNOWN" }, "title": "Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@citrix.com", "DATE_PUBLIC": "2022-06-14T16:47:00.000Z", "ID": "CVE-2022-27511", "STATE": "PUBLIC", "TITLE": "Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix Application Delivery Management (Citrix ADM)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "13.1-21.53" }, { "version_affected": "\u003c", "version_value": "13.0-85.19" } ] } } ] }, "vendor_name": "Citrix" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2022-27511", "datePublished": "2022-06-16T18:53:14.582634Z", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-09-17T01:10:57.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27512
Vulnerability from cvelistv5
Published
2022-06-16 18:53
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Citrix | Citrix Application Delivery Management (Citrix ADM) | Version: unspecified < 13.1-21.53; Version: unspecified < 13.0-85.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:58.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Application Delivery Management (Citrix ADM)", "vendor": "Citrix", "versions": [ { "lessThan": "13.1-21.53", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "13.0-85.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-16T18:53:33", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ], "source": { "discovery": "UNKNOWN" }, "title": "Temporary disruption of the ADM license service", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@citrix.com", "DATE_PUBLIC": "2022-06-14T16:47:00.000Z", "ID": "CVE-2022-27512", "STATE": "PUBLIC", "TITLE": "Temporary disruption of the ADM license service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Citrix Application Delivery Management 
(Citrix ADM)", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "13.1-21.53" }, { "version_affected": "\u003c", "version_value": "13.0-85.19" } ] } } ] }, "vendor_name": "Citrix" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-664 Improper Control of a Resource Through its Lifetime" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2022-27512", "datePublished": "2022-06-16T18:53:33.283390Z", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-09-16T23:35:26.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }