Lucene search

CitrixCVE-2024-6148

HistoryJul 10, 2024 - 9:15 p.m.

CVE-2024-6148

2024-07-1021:15:10

Citrix

web.nvd.nist.gov

cve-2024-6148

citrix workspace app

html5

policy configuration

gacs

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

Affected configurations

Nvd

Node

citrixworkspaceRange<2404.1html5

VendorProductVersionCPE
citrixworkspace*cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*

Vendor	Product	Version	CPE
citrix	workspace	*	cpe:2.3:a:citrix:workspace::::::html5::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Citrix Workspace app for HTML5",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "1",
        "status": "affected",
        "version": "2404",
        "versionType": "patch"
      }
    ]
  }
]

References

support.citrix.com/article/CTX678037

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2024-6148