Citrix CTX247736
Published: Apr 26, 2019 - 4:00 a.m.

CVE-2018-18571 - Authentication Bypass vulnerability in XenMobile Server

Source: support.citrix.com

EPSS: 0.001 (Low), percentile 45.7%

Description of Problem

A vulnerability has been identified in Citrix XenMobile Server that could permit an attacker to impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

The vulnerability has been assigned the following CVE number:

• CVE-2018-18571: Authentication Bypass Vulnerability in Citrix XenMobile Server.

This vulnerability affects the following products:

• Citrix XenMobile Server 10.9.0 before Rolling Patch 3.

• Citrix XenMobile Server 10.8.0 before Rolling Patch 6.


What Customers Should Do

Citrix recommends customers running Citrix XenMobile Server 10.9.0 upgrade to Rolling Patch 3 found at <https://support.citrix.com/article/CTX249985> and Citrix XenMobile Server 10.8.0 upgrade to Rolling Patch 6 found at <https://support.citrix.com/article/CTX250711>.

Also, a newer version of Citrix XenMobile Server is now available: Citrix XenMobile Server version 10.10.0.7.

Citrix strongly recommends that affected customers upgrade their XenMobile Servers to the new version. This new version can be obtained from the following location:

Citrix Product Downloads: <https://www.citrix.com/downloads/citrix-endpoint-management/>.

These issues have already been addressed in the Citrix Cloud service.

Windows device users who have upgraded to Citrix Endpoint Management 19.3.1, please reference the following article and recreate your Store device policy: <https://support.citrix.com/article/CTX249857>.


Acknowledgements

Citrix thanks Jonas of Danske Bank for working with us to protect Citrix customers.


What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

| Date | Change |
| --- | --- |
| 26th April 2019 | Initial Publication |
| 30th April 2019 | Correction of MDM to MAM |
