History: Aug 05, 2021 - 8:16 p.m.

CVE-2021-22927

2021-08-05 20:16:42
CWE-384
hackerone
www.cve.org
citrix
adc
gateway
saml
session hijack
vulnerability

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

51.5%

A session fixation vulnerability in Citrix ADC and Citrix Gateway 13.0-82.45, when configured as a SAML service provider, could allow an attacker to hijack a session.

CNA Affected

[
  {
    "product": "Citrix ADC, Citrix Gateway",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
      },
      {
        "status": "affected",
        "version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
      },
      {
        "status": "affected",
        "version": "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1"
      },
      {
        "status": "affected",
        "version": "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS"
      }
    ]
  }
]
