Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves case-sensitive patterns for disallowedFields on a DataBinder, meaning a field is not effectively protected unless it is listed with both upper and lower case for the first...
Citrix Workspace app for Windows Security Bulletin CVE-2025-4879
Severity - High Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspace app for Windows...
2402 LTSR target device stuck initializing while checking the status of Hybrid joined machines
...
On Prem || FAS 2402 LTSR || FAS with intune certificate
Impacts and limitations of FAS with Intune certificate...
Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details: Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspac...
Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
Description of Problem A vulnerability has been identified that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Refer to below for further details: Affected Versions The vulnerability affects the following supported versions of Windows Virtual...
Citrix Session Recording Security Bulletin for CVE-2023-6184
A vulnerability has been discovered in Citrix Session Recording, which, if exploited, may result in an authenticated user being able to perform an RCE. Affected Versions: The following supported versions of Citrix Session Recording are affected by the vulnerability: Current Release CR Citrix...
Citrix StoreFront Security Bulletin for CVE-2023-5914
A vulnerability has been discovered in Citrix StoreFront, which, if exploited, may result in a Cross-site scripting XSS attack. Affected Versions: The following supported versions of Citrix StoreFront are affected by the vulnerability: Current Release CR Citrix StoreFront before 2308.1 Citrix...
Windows and Linux Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2023-24490
A vulnerability has been identified that impacts Virtual Delivery Agents for Windows or Linux used by Citrix Virtual Apps and Desktops and Citrix DaaS. The vulnerability affects the following supported versions of Windows Virtual Delivery Agent: Current Release CR Citrix Virtual Apps and Desktops...
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. The vulnerability has been given the following identifier: CVE ID| Description| Vulnerability Type|...
Storefront Console crashes when clicking configuration at node Manage Receiver for Web sites
Storefront Console crashes when clicking configuration at node Manage Receiver for Web sites. The Store Front has successfully upgraded from 7.15 to 2203 LTSR...
Configure Virtual Channel Allow List for Epic Slingshot and Epic Warp Drive
The Virtual Channel Allow List feature has been enabled by default as of CVAD 2109 and has been carried forward to CVAD 2203 LTSR. When the allow list is enabled, Epic Slingshot and Epic Warp Drive require configuration of the Virtual Channel Allow List for their associated virtual channels to...
Driver Disk for Microsemi smartpqi 2.1.18-045 - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Version ---|--- smartpqi| 2.1.18045 Issues Resolved In this Driver Disk Includes general enhancemen...
Driver Disk for Cisco enic 4.2.0.26 - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Cisco's enic driver and wish to use the latest version of the following: Driver Module| Version ---|--- enic| 4.2.0.26 Issues Resolved In this Driver Disk Includes general enhancements and bug...
Citrix Hypervisor Security Update
Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-ID| Description| Pre-requisites ---|---|--- CVE-2021-28694| Host denial of service|...
Citrix Virtual Apps and Desktops Privilege Escalation Vulnerability (CTX319750)
The version of Citrix Virtual Apps and Desktops installed on the remote Windows host is 2016 and earlier, or is 1912 LTSR CU3 or earlier. It is, therefore, affected by a privilege escalation vulnerability. An unspecified flaw exists related to Citrix Profile Management or Citrix Profile Management...
CVE-2021-22907
An improper access control vulnerability in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...
Citrix Hypervisor <= 8.2 LTSR DoS (CTX306565)
The version of Citrix Hypervisor formerly Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by denial of service vulnerabilities. - A local attacker with the ability to execute privileged mode code in a guest machine can perform a denial of servi...
VulnCheck KEV: CVE-2020-8283
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...
CVE-2021-20257
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: NinjaOperator at June 25, 2021 6:16pm UTC reported:...