CVE-2020-8275

2021-01-0620:58:54

CWE-284

hackerone

www.cve.org

citrix secure mail

android

access control

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

38.1%

JSON

Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

CNA Affected

[
  {
    "product": "Citrix Secure Mail for Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 20.11.0"
      }
    ]
  }
]

References

support.citrix.com/article/CTX286763