Lucene search
HackeroneCVELIST:CVE-2020-8300HistoryJun 16, 2021 - 1:08 p.m.
CVE-2020-8300
2021-06-1613:08:16
CWE-284
hackerone
www.cve.org
7
citrix adc
netscaler gateway
saml authentication
hijack vulnerability
phishing attack
valid user session
access control
EPSS
0.001
Percentile
32.4%
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
CNA Affected
[
{
"product": "Citrix ADC, Citrix Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238"
}
]
}
]References
Related
prion
prion
Improper access control
2021-06-16 14:15:00
cve
cve
CVE-2020-8300
2021-06-16 14:15:08
nvd
nvd
CVE-2020-8300
2021-06-16 14:15:08
githubexploit
githubexploit
Exploit for Improper Privilege Management in Citrix Gateway
2021-06-15 07:21:16
citrix
citrix
nessus
nessus
Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX297155)
2021-06-18 00:00:00