CVE-2020-8200

Published: Sep 18, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

Affected (4)

Products: Citrix: Storefront Server

Citrix

1 product

Storefront Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Citrix Storefront Server	Before 2006
Citrix Storefront Server	From 1912 to 1912.0.1000
Citrix Storefront Server	From 3.0 to 3.0.8001
Citrix Storefront Server	From 3.12 to 3.12.5001

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://support.citrix.com/article/CTX277455

Source: support@hackerone.com

Vendor Advisory

https://support.citrix.com/article/CTX277455

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.