Xenapp

xenapp

Vendor: Citrix • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22928 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Aug 5, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed...Show more A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.Show less
CVE-2020-8283 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Dec 14, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hot...Show more An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.Show less
CVE-2020-8269 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Nov 16, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVE-2020-13998 1Citrix 1Xenapp Nov 21, 2024 Jun 11, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vuln...Show more Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2016-6493 1Citrix 2Xenapp Xendesktop May 6, 2026 Aug 19, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
CVE-2016-4810 1Citrix 2Xenapp Xendesktop May 6, 2026 Jun 1, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecifi...Show more Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.Show less
CVE-2012-5161 1Citrix 1Xenapp Apr 29, 2026 Dec 26, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2009-2453 1Citrix 2Presentation Server Xenapp Apr 23, 2026 Jul 14, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access...Show more Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.Show less
CVE-2008-4676 1Citrix 3Access Essentials Presentation ServerXenapp Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown...Show more Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.Show less