19 matches found
CVE-2023-24487
CVE-2023-24487 describes an arbitrary file read in Citrix ADC and Citrix Gateway. The vulnerability originates from access to NSIP/SNIP via the management interface and affects: Citrix ADC/Gateway 12.1 before 12.1-65.35, 12.1-FIPS before 12.1-55.296, 13.0 before 13.0-90.11, and 13.1 before 13.1-4...
CVE-2023-24488
CVE-2023-24488 is a cross-site scripting vulnerability affecting Citrix ADC and Citrix Gateway. Public data show that versions before 13.1 and the listed sub-versions (13.1-45.61, 13.0-90.11, 12.1-65.35) contain a flaw due to improper input/URL parameter validation that can cause script execution...
CVE-2022-27510
CVE-2022-27510 affects Citrix ADC and Citrix Gateway and allows unauthorized access to Gateway user capabilities. According to CTX463706, affected versions are Citrix ADC/Gateway 12.1.x before 12.1-65.21 (12.1-FIPS before 12.1-55.289), 13.0.x before 13.0-88.12, and 13.1.x before 13.1-33.47. T...
CVE-2022-27508
CVE-2022-27508 is an unauthenticated denial-of-service vulnerability affecting Citrix ADC and Citrix Gateway, specifically the 12.1-64.16 release. The CVE is detailed in Citrix Security Bulletin CTX457048, which confirms the DoS impact and that Citrix has published fixes. Other connected sources ...
CVE-2022-27507
CVE-2022-27507 affects Citrix ADC and Citrix Gateway. Affected conditions require DTLS enabled and either HDX Insight for EDT traffic or SmartControl configured, leading to an authenticated denial-of-service. Vulnerable versions include Citrix ADC/Gateway 12.1 prior to 12.1-64.17, 13.0 prior to 1...
CVE-2022-27513
CVE-2022-27513 affects Citrix Gateway and Citrix ADC, enabling remote desktop takeover via phishing when the gateway is configured as a Gateway/RDP proxy. The issue, tracked in Citrix Security Bulletin CTX463706, is tied to specific appliance versions: Citrix ADC/Gateway 12.1.x before 12.1-65.21 ...
CVE-2022-27516
CVE-2022-27516 describes a bypass of the login brute-force protection in Citrix Gateway/ADC. Affected products/versions per CTX463706: Citrix ADC/Gateway 12.1.x before 12.1-65.21 (12.1-65.21 included in FIPS/NDcPP), 13.0.x before 13.0-88.12, 13.1.x before 13.1-33.47 (also 12.1-FIPS before 12.1-55...
CVE-2021-22919
CVE-2021-22919 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliances. The vulnerability could exhaust available disk space. Affected versions (per CTX319135) include WANOP: 10.2 before 10.2.9.b, 11.2 before 11.2.3.b, 11.3 before 11.3.2.a, 11.4 before 11.4.0.a; ADC/Gateway...
CVE-2019-18177
CVE-2019-18177 affects Citrix ADC and Citrix Gateway (13.0-58.30 and later prior to CTX276688 update). The issue is an information disclosure exploitable by an authenticated VPN user when a configured SSL VPN endpoint exists. The root cause is exposure of protected information via the SSL VPN end...
CVE-2022-27509
CVE-2022-27509 describes an unauthenticated redirect vulnerability in Citrix ADC and Citrix Gateway. A victim user clicking an attacker-crafted link can be redirected to a malicious website due to insufficient data authenticity verification (CWE-345). Affected appliance versions include Citrix AD...
CVE-2021-22920
CVE-2021-22920 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition on models 4000-WO/4100-WO/5000-WO/5100-WO. The issue enables a phishing attack via a SAML authentication hijack to steal a valid user session. Affected versions include Citrix ADC/Gateway 12.1 before 12.1-62.25 and...
CVE-2021-22927
CVE-2021-22927 affects Citrix ADC and Citrix Gateway when configured as a SAML Service Provider. The vulnerability is a session fixation flaw that could allow an attacker to hijack a user session. Affected versions include Citrix ADC/Gateway 13.0 before 13.0-82.45 (and older 12.1/11.1 lines as li...
CVE-2021-22955
CVE-2021-22955 is an unauthenticated DoS vulnerability affecting Citrix ADC and Citrix Gateway (and, in the related CVE-2021-22956, Citrix SD-WAN WANOP) when appliances are configured as a VPN/Gateway or AAA virtual server. Affected versions include 13.0 before 83.27, 12.1 before 63.22, 11.1 ...
CVE-2020-8300
CVE-2020-8300 affects Citrix ADC and Citrix NetScaler Gateway (multiple versions) and enables SAML authentication hijack via phishing to steal a valid user session when the appliance is configured as a SAML SP or IdP. Affected versions include 13.0-82.41, 12.1-62.23, 11.1-65.20 and 12.1-FIPS befo...
CVE-2021-22956
CVE-2021-22956 is an uncontrolled resource consumption vulnerability in Citrix ADC and related appliances that can be triggered by an attacker with management-interface access (NSIP/SNIP) to cause a temporary disruption of the Management GUI, Nitro API, and RPC communications. The issue affects m...
CVE-2020-8245
Citrix advisory CTX281474 details CVE-2020-8245 affecting Citrix ADC, Citrix Gateway, and related SD-WAN WANOP appliances. Root cause: HTML Injection due to improper input validation in the SSL VPN web portal. Impact: HTML content injection by an authenticated victim who must open an attacker-con...
CVE-2020-8246
Vulnerability summary (CVE-2020-8246): A DoS vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP is triggered by an attack originating from the management network. Affected versions include Citrix ADC and Gateway 13.0-64.35 and later, 12.1-58.15 and later, 12.1-FIPS 12.1-55.187 ...
CVE-2020-8299
CVE-2020-8299 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition with a network-based DoS caused by uncontrolled resource consumption within the same Layer 2 segment. Affected versions listed in public disclosures include Citrix ADC/Gateway 13.0 before 13.0-76.29, 12.1 before 12....
CVE-2020-8247
CVE-2020-8247 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP where the vulnerability resides in the management interface and allows escalation of privileges (CWE-269). Affected versions include Citrix ADC/Gateway 13.0-64.35+, 12.1-58.15+, 12.1-FIPS 12.1-55.187+, 11.1-65.12+, 11.2.1a+...