14 matches found
Citrix Xen Mobile Code Execution Vulnerability
Citrix Xen Mobile is a mobility management solution from Citrix Systems. The solution is capable of managing mobile devices, developing mobile policies and compliance rules, and providing insight into the operation of mobile cellular networks. A code execution vulnerability exists in Citrix Xen...
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
Design/Logic Flaw
DISPUTED: Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already...
Remote code execution
DISPUTED: Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution...
CVE-2018-18013
Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
CVE-2018-18013
Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...
CVE-2018-18013
Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability...
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
CVE-2018-18014
Citrix Xen Mobile up to 10.8 is affected by a lack of authentication that allows low-privileged local users to execute system commands as root by sending requests to private services listening on ports 8000, 30000, and 30001. The vendor disputes this as a vulnerability and cites firewall-based lo...
CVE-2018-18013
Xen Mobile prior to 10.8.0 contains a service listening on port 5001 that accepts unauthenticated input; deserializing raw Java objects in memory can lead to remote code execution. The vendor disputes the vulnerability, stating it is mitigated by an internal firewall limiting access to localhost....
CVE-2018-18014
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated b...
PT-2018-14320 · Citrix · Xen Mobile
Name of the Vulnerable Software and Affected Versions: Xen Mobile versions prior to 10.8.0
Description: The issue arises from a service listening on port 5001 within the firewall of Xen Mobile, which accepts unauthenticated input. This service deserializes raw serialized Java objects into Java...
PT-2018-14321 · Citrix · Citrix Xen Mobile
Name of the Vulnerable Software and Affected Versions: Citrix Xen Mobile versions through 10.8
Description: The issue allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000, and 30001. The vendor disputes that thi...