CVE-2020-8253

Published: Sep 18, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

Affected (18)

Products: Citrix: Xenmobile Server

Citrix

1 product

Xenmobile Server

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenmobile Server	Up to 10.8.0
Citrix Xenmobile Server	Version 10.10.0
Citrix Xenmobile Server	Version 10.10.0 rolling_patch1
Citrix Xenmobile Server	Version 10.10.0 rolling_patch2
Citrix Xenmobile Server	Version 10.10.0 rolling_patch3
Citrix Xenmobile Server	Version 10.10.0 rolling_patch4
Citrix Xenmobile Server	Version 10.10.0 rolling_patch5
Citrix Xenmobile Server	Version 10.11.0
Citrix Xenmobile Server	Version 10.11.0 rolling_patch1
Citrix Xenmobile Server	Version 10.11.0 rolling_patch2
Citrix Xenmobile Server	Version 10.11.0 rolling_patch3
Citrix Xenmobile Server	Version 10.12.0
Citrix Xenmobile Server	Version 10.12.0 rolling_patch1
Citrix Xenmobile Server	Version 10.9.0
Citrix Xenmobile Server	Version 10.9.0 rolling_patch1
Citrix Xenmobile Server	Version 10.9.0 rolling_patch2
Citrix Xenmobile Server	Version 10.9.0 rolling_patch3
Citrix Xenmobile Server	Version 10.9.0 rolling_patch4

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://support.citrix.com/article/CTX277457

Source: support@hackerone.com

PatchVendor Advisory

https://support.citrix.com/article/CTX277457

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.