Citrix Licensing - powershell cmdlets failing with CommunicationError

Citrix.Licensing.Admin.V1 cmdlets Get-LicCertificate, Get-LicInventory stopped working after License Server upgrade to 11.17.2.0. Build 51000. Citrix Licensing PowerShell Snap-In is installed and used directly on the License Server. Error: CommunicationError CategoryInfo: InvalidOperation Example...

Users receive error "Try again after some time or contact your help desk" at login

While accessing ADC Gateway or Authentication page, in certain conditions users received one of these two errors: "Try again after some time or contact your help desk". "Malformed assertion sent to Netscaler" Users redirected to Login page. To validate this is the cause, you can check ADC syslogs...

CVE-2016-9603 - Citrix XenServer Security Update

Description of Problem A security issue has been identified within Citrix XenServer. This issue could, if exploited, allow the administrator of an HVM guest VM to compromise the host. The following vulnerability has been addressed: CVE-2016-9603 High: QEMU: Cirrus VGA Heap overflow via display...

CVE-2016-2789 - Persistent Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.x Web User Interface

Description of Problem A Cross-Site Scripting XSS vulnerability has been identified in XenMobile Server 10.x. This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execut...

CVE-2013-6077 - Vulnerability in XenDesktop 7.0 Upgrade Could Result in Policy Bypass

Description of Problem A vulnerability has been identified in Citrix XenDesktop 7.0 that could prevent policy rules from being correctly applied following an upgrade from earlier versions of Citrix XenDesktop. This vulnerability affects deployments of Citrix XenDesktop that have been upgraded fro...

Citrix Workspace app for Windows Security Bulletin CVE-2024-6286

Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details: Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspac...

Citrix Session Recording Security Bulletin for CVE-2023-6184

A vulnerability has been discovered in Citrix Session Recording, which, if exploited, may result in an authenticated user being able to perform an RCE. Affected Versions: The following supported versions of Citrix Session Recording are affected by the vulnerability: Current Release CR Citrix...

CVE-2016-9637 - Citrix XenServer Security Update

Description of Problem A security vulnerability has been identified in Citrix XenServer that may allow malicious privileged-mode code running within an HVM guest VM to compromise the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix...

Reporting: "Error retrieving data source. Return code=257. Error message=Operation not permitted."

The message "Error retrieving data source. Return code = 257. Error message = Operation not permitted" is displayed when clicking Reporting on NetScaler:...

Citrix Hypervisor Security Update

Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-ID| Description| Pre-requisites ---|---|--- CVE-2021-28694| Host denial of service|...

CVE-2017-17382 - TLS Padding Oracle Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway

Description of Problem A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway Packet Engine that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability has been assigned the following CVE:...

CVE-2015-8277 - Citrix Licensing Security Updates

Description of Problem A vulnerability has been identified in Citrix Licensing that could allow a remote, unauthenticated attacker to crash the License Server and potentially execute arbitrary code on the server. This vulnerability affects the following products: Citrix License Server for Windows...

CVE-2019-11550 - Citrix SD-WAN Security Update

Description of Problem An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned the following CVE...

Understanding Zero Touch Certificate Management (ZTCM) in Citrix NetScaler

Summary: This article addresses frequently asked questions regarding the behavior of Zero Touch Certificate Management ZTCM in Citrix NetScaler, including how it handles certificate synchronization, SNI-based certificate selection, and coexistence with legacy configurations...

uberAgent service startup fails with error 13

uberAgent service is not running. Attempt to start the service fails. Error message: Windows could not start the uberAgent service on Local Computer.Error 13: The data is invalid. uberAgent log file located in C:\Windows\Temp default location shows the errors: 2025-03-17 10:23:55.706...

Citrix Virtual Apps and Desktops 2402 CU2 expired certificate

Citrix Virtual Apps and Desktops CVAD 2402 LTSR Cumulative Update 2 CU2 2402.0.2100 contains installers and binaries signed with a now-expired code signing certificate. File signatures are considered valid if either: A timestamp was included at the time of signing, or The certificate used for...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492

Description of Problem Two vulnerabilities have been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer to below for further details: Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the...

Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749

Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1. These are: A malicious privileged user in a guest VM working in collaboration with a malicious privileged user in another guest VM can cause the host to crash or become unresponsive. This issue has the following CVE...

CVE-2018-5314 - Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway

Description of Problem A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway that, if exploited, could allow an unauthenticated attacker with access to the NetScaler management interface to bypass authenticati...

ADC: ICMP Timestamp Request Remote Date Disclosure Vulnerability (CVE-1999-0524)

Vulnerability scan is flagging NetScaler device as vulnerable to ICMP Timestamp Request Remote Date Disclosure Vulnerability CVE-1999-0524 even when an ACL already exists to block ICMP type 13 traffic...

Citrix Workspace app for HTML5 Security Bulletin CVE-2024-6148 and CVE-2024-6149

Description of Problem Two vulnerabilities have been discovered that impact the Citrix Workspace app for HTML5. Refer to below for further details: Affected Versions The vulnerabilities affect the following supported versions of the Citrix Workspace app for HTML5. Citrix Workspace app for HTML5...

How to Deploy Citrix Gateway Plug-in and Endpoint Analysis Installer Packages for Windows by Using Active Directory Group Policy

This article contains information about deploying the Citrix Gateway Plug-in and Endpoint Analysis EPA Microsoft Installer MSI packages for Windows by using an Active Directory Group Policy. If users do not have administrative privileges to install the Citrix Gateway Plug-in and EPA Plug-in on th...

Authentication Bypass Vulnerability in the Management Interface of Citrix Application Delivery Controller and Citrix Gateway

Description of Problem A vulnerability has been identified in the management interface of Citrix Application Delivery Controller ADC formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an attacker with access to the management...

Citrix Security Acknowledgements

Citrix would like to thank security researchers who have worked with us to secure Citrix products and services. 2019 Vahagn Vardanian Mohammed Israil Nicholis du Toit Archit Garg of Careem Ismail Tasdelen Andrea Pessione of SKIT Cyber Security Armando Huesca of SKIT Cyber Security Asher Bin Khali...

CVE-2018-18883 - Citrix XenServer Security Update

Description of Problem A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This issue affects the following versions of Citrix XenServer: Citrix XenServer 7.6 Citrix XenServer 7.5 Citrix XenServer 7.1 LTSR CU1 The...

CVE-2018-18517 - Cross-Site Scripting Vulnerability in Citrix NetScaler

Description of Problem A Cross-Site Scripting XSS vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition and Citrix ADC formerly known as NetScaler ADC, that if exploited by an attacker with access to the NetScaler administrative...

Citrix XenServer Multiple Security Updates

Description of Problem Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or become unresponsive. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and...

Citrix XenServer Multiple Security Updates

Description of Problem A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. The following vulnerabilities...

Citrix Workspace App for Windows crash due to .NET 9.0.5

If you have any Current Release of Citrix Workspace App 2409.10 or higher, or LTSR version 2402 CU3 or higher and .NET Desktop Runtime 9.0.5 installed, receiver.exe could crash post session launch. Post crash, the systray icon would show up only two options - Open and Exit...

VDA machines stuck at Initializing for Hybrid Azure AD join

For Citrix MCS provisioned Hybrid Azure AD joined machine catalogs, the VDA machines might be stuck at “Initializing” status after startup. And when you login to the VDA machines and execute the “dsregcmd /status /debug” command, you will find below error message under “Diagnostic Data” “Server...

How to collect logs for Citrix Workspace App for Windows

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information This article describes the steps for collecting logs and key data from Citrix Workspace app for Windows...

Citrix ShareFile StorageZones Controller Multiple Security Updates

Description of Problem Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system, and also to discover the full...

Netscaler CVE & Security Guide

Introduction Begin with an introduction to the main issue topic, explaining its significance and how the hub article serves as a central resource for related information. Overview of the Issue Provide a brief yet comprehensive overview of the issue, outlining the common challenges and key points...

Event ID: 28 "Could not contact any Federated Authentication Servers"

Users are unable to launch Citrix sessions from a FAS enabled store and observe the error - 'Cannot start desktop '. On the StoreFront servers, we observe Event ID: 28 stating - 'Failed to launch the resource 'XXXXXX' using the Citrix XML Service at address '??'. It was not possible to select a...

エラー番号 2306 が発生し、セッションの起動に失敗します

セッションの起動時にエラー番号 2306 が発生し、起動に失敗する場合があります。 エラーメッセージ： Citrix Workspace Configuration Manager: XXXXX.ica という名前のファイルが見つかりませんでした。インストールを確認するか、管理者に連絡してください。...

Citrix SD-WAN Center Security Updates

Description of Problem A command injection vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability could allow an unauthenticated attacker with access to the management console to compromise the host. A low severity...

Citrix Hypervisor Security Update

Description of Problem Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be significant difficulty...

CVE-2017-5571 - Open Redirect Vulnerability in Citrix License Server for Windows and Citrix License Server VPX

Description of Problem An open redirect vulnerability has been identified in the Citrix License Server for Windows and the Citrix License Server VPX. This vulnerability could potentially be used to facilitate a phishing or social engineering attack. This vulnerability has been assigned the...

CVE-2016-6273 - Denial of Service Vulnerability in Citrix License Server

Description of Problem A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server. This vulnerability affects all versions of Citrix License Server for Windows and Citri...

Citrix Hypervisor Security Update

Description of Problem A number of vulnerabilities have been found in Citrix Hypervisor formerly Citrix XenServer that may: i. Allow the host to be compromised by privileged code in a PV guest VM, ii. allow unprivileged code in a HVM guest VM to cause that guest to crash and iii. under certain...

CVE-2019-6485 - TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway

Description of Problem A vulnerability has been identified in the Citrix Application Delivery Controller ADC formally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability...

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates

Description of Problem A number of vulnerabilities have been identified in supported versions of Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway. The following vulnerabilities have been addressed: CVE-2018-6810: Citrix NetScaler Application Delivery Controller ADC and...

CVE-2016-6493 - Memory Permission Weakness in Citrix XenApp and XenDesktop

Description of Problem A weakness has been identified in Citrix XenApp and XenDesktop. While this issue is not directly exploitable, it could potentially weaken an existing security mitigation, resulting in a loss of defence in depth. This weakness affects the following Citrix products: Citrix...

How to Fix the Uninstall of StoreFront

This article describes how to fix the uninstall of Citrix StoreFront when installed using a non-English UI. When StoreFront is installed under these conditions, uninstall will fail with error code 1605, erroneously indicating the product is not installed...

XenCenter 2024.2.0 - For Citrix Hypervisor and XenServer

Who Should Install This Update? This XenCenter update is for customers who use XenCenter as the management console for Citrix Hypervisor 8.2 CU1 and XenServer 8. This version of XenCenter supersedes any previous version of XenCenter. It constitutes the following deliverable: File Name|...

How to delete profile at logoff without profile saved on user store

Citrix Profile Mangement is often used with a shared storage, but some environments prevent the using of shared storage, and also want to use the function of delete locally cached profiles at logff in UPM. This article tells how to achieve this goal...

Security Advisory for Citrix Hypervisor

Several security issues have been identified that affect Citrix Hypervisor: An issue has been identified that may allow privileged code in a PV guest VM to cause the host to crash. This issue has the following identifier: CVE-2022-23034 Note that PV guests are supported in Citrix XenServer 7.1 LT...

CVE-2018-7218 - Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

Description of Problem A flaw has been identified in the AppFirewall feature of Citrix NetScaler Application Delivery Controller ADC and Citrix NetScaler Gateway that could result in arbitrary code execution and host compromise. The following vulnerability has been addressed: CVE-2018-7218...

Wfica32.exe crashes when attempting to launch new session

Wfica32.exe crashes when attempting to launch Citrix ICA session from client side. From the client's Windows application logs, the following errors are noticed. ・Application Error with Event ID 1000 which indicates the faulting application name is WFICA32.EXE. ・Application Error with Event ID 1...

Citrix XenServer Multiple Security Updates

Description of Problem A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a PV guest VM to compromise the host. The issues have the identifiers: CVE-2017-8903 High: x86: 64bit PV guest breakout via pagetab...