History: Aug 05, 2021 - 8:16 p.m.

CVE-2021-22920

2021-08-05 20:16:49
CWE-284
hackerone
www.cve.org
citrix
vulnerability
saml
authentication
hijack

AI Score: 7

Confidence: High

EPSS: 0.002

Percentile: 52.3%

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. If exploited, this vulnerability could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

CNA Affected

[
  {
    "product": "Citrix ADC, Citrix Gateway",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
      },
      {
        "status": "affected",
        "version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
      }
    ]
  }
]
