Lucene search
K
CitrixNetscaler Gateway

32 matches found

CVE
CVE
added 2024/07/10 6:56 p.m.7789 views

CVE-2024-5491

CVE-2024-5491 affects Citrix NetScaler ADC and NetScaler Gateway. The security bulletin CTX677944 details that the following ranges are vulnerable when using affected builds: NetScaler ADC/Gateway 14.1 before 14.1-25.53; 13.1 before 13.1-53.17; 13.0 before 13.0-92.31; 13.1-FIPS before 13.1-37.183...

7.5CVSS6.6AI score0.00764EPSS
CVE
CVE
added 2024/07/10 7:4 p.m.7776 views

CVE-2024-5492

CVE-2024-5492 is a real open redirect vulnerability in Citrix NetScaler ADC and NetScaler Gateway (remote unauthenticated attacker) described in the CTX677944 advisory. Affected versions include NetScaler ADC/Gateway 14.1 before 14.1-25.53, 13.1 before 13.1-53.17, 13.0 before 13.0-92.31, 13.1-FIP...

6.1CVSS7.1AI score0.00552EPSS
CVE
CVE
added 2024/11/12 6:15 p.m.4097 views

CVE-2024-8534

Summary: CVE-2024-8534 is a memory safety vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause memory corruption and Denial of Service when the device is configured as a Gateway/VPN Vserver with RDP features enabled (or with an RDP Proxy Server Profile) or when the Auth Serv...

8.4CVSS6.9AI score0.00562EPSS
CVE
CVE
added 2023/07/19 5:51 p.m.1763 views

CVE-2023-3519

CVE-2023-3519 is an unauthenticated remote code execution in Citrix NetScaler ADC/Gateway. Exploitation enables an attacker with network access to run arbitrary code, potentially deploy web shells and fully compromise affected systems. Public advisories and multiple connected documents describe a...

9.8CVSS10AI score0.99445EPSS
In wild
CVE
CVE
added 2023/10/10 1:12 p.m.1101 views

CVE-2023-4966

CVE-2023-4966 affects Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. The issue stems from improper usage of snprintf/memory handling in the WebProc/auth pathways, causing memory disclosure via crafted responses and exposing sensitive data (e.g., aut...

9.4CVSS8.6AI score0.99999EPSS
In wild
CVE
CVE
added 2025/08/26 12:56 p.m.535 views

CVE-2025-7775

CVE-2025-7775 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The CVE affects deployments where the appliance is configured as a Gateway (VPN VServer, ICA Proxy, CVPN, RDP Proxy) or AAA VServer, and also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC ...

9.8CVSS7.8AI score0.18973EPSS
In wild
CVE
CVE
added 2024/01/17 8:15 p.m.534 views

CVE-2023-6549

CVE-2023-6549 : A memory-buffer boundary violation in Citrix NetScaler ADC and NetScaler Gateway allows unauthenticated denial of service and an out-of-bounds memory read when the appliance is configured as a gateway or AAA virtual server. Affected versions include NetScaler ADC/Gateway 14.1 befo...

8.2CVSS8AI score0.57633EPSS
In wild
CVE
CVE
added 2025/06/17 12:29 p.m.364 views

CVE-2025-5777

CVE-2025-6543 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause unintended control flow and Denial of Service when the appliance is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The Citrix security bulle...

9.3CVSS9.6AI score0.9987EPSS
In wild
CVE
CVE
added 2024/01/17 8:11 p.m.351 views

CVE-2023-6548

CVE-2023-6548 is a Code Injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The issue allows authenticated remote code execution on the management interface (NSIP/CLIP/SNIP) due to improper generation of code, affecting the management plane. Exploitation has been observed in th...

8.8CVSS8.8AI score0.03191EPSS
In wild
CVE
CVE
added 2023/10/27 6:1 p.m.247 views

CVE-2023-4967

CVE-2023-4967 affects Citrix NetScaler ADC and NetScaler Gateway. The issue is a Denial of Service when the appliance is configured as a Gateway (VPN/VPN-like services) or AAA virtual server. Connected documents confirm the vulnerability scope and link to Citrix advisory CTX579459, which details ...

8.2CVSS7.7AI score0.00878EPSS
CVE
CVE
added 2025/06/25 12:49 p.m.208 views

CVE-2025-6543

CVE-2025-6543 affects Citrix NetScaler ADC and NetScaler Gateway. The vulnerability is a memory overflow in the WebProc/AAA gateway flow triggered when processing the Host header via the /nf/auth/startwebview.do path, causing uncontrolled memory access that can lead to a Denial of Service and uni...

9.8CVSS7.4AI score0.09756EPSS
In wild
CVE
CVE
added 2023/07/19 6:35 p.m.179 views

CVE-2023-3467

Citrix CTX561482 documents CVE-2023-3467 as part of multiple vulnerabilities affecting NetScaler ADC/Gateway. It is a Privilege Escalation to root administrator (nsroot) vulnerability. Affected versions (per the bulletin) include NetScaler ADC/Gateway 13.1 before 13.1-49.13, 13.0 before 13.0-91.1...

8CVSS8.7AI score0.02097EPSS
CVE
CVE
added 2023/07/19 6:21 p.m.147 views

CVE-2023-3466

CVE-2023-3466 is a reflected Cross-Site Scripting (XSS) vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway. According to Citrix CTX561482, affected versions include NetScaler ADC/Gateway 13.1 before 13.1-49.13, 13.0 before 13.0-91.13, 13.1-FIPS before 13.1-37.159, 12.1-FIPS before...

8.3CVSS7.2AI score0.03041EPSS
CVE
CVE
added 2021/08/05 8:16 p.m.113 views

CVE-2021-22919

CVE-2021-22919 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliances. The vulnerability could exhaust available disk space. Affected versions (per CTX319135) include WANOP: 10.2 before 10.2.9.b, 11.2 before 11.2.3.b, 11.3 before 11.3.2.a, 11.4 before 11.4.0.a; ADC/Gateway...

7.5CVSS7.5AI score0.0094EPSS
CVE
CVE
added 2025/06/17 12:32 p.m.110 views

CVE-2025-5349

CVE-2025-5349 affects Citrix NetScaler ADC and NetScaler Gateway via Improper access control on the NetScaler Management Interface. The Citrix security bulletin CTX693420 documents affected versions and fixes: upgrade to 14.1-43.56 or later, 13.1-58.32 or later (and 13.1-FIPS/13.1-NDcPP 37.235 an...

8.8CVSS6.6AI score0.03653EPSS
In wild
CVE
CVE
added 2018/03/01 5:0 p.m.97 views

CVE-2018-5314

CVE-2018-5314 affects Citrix NetScaler ADC and NetScaler Gateway (11.0/11.1/12.0) and the NetScaler LB instance in SD-WAN/CloudBridge 9.3.0, allowing a remote attacker to execute system commands or read files via an SSH login prompt. Affected versions and fixes are documented in Citrix advisories...

7.5CVSS7.8AI score0.02849EPSS
CVE
CVE
added 2021/08/05 8:16 p.m.88 views

CVE-2021-22927

CVE-2021-22927 affects Citrix ADC and Citrix Gateway when configured as a SAML Service Provider. The vulnerability is a session fixation flaw that could allow an attacker to hijack a user session. Affected versions include Citrix ADC/Gateway 13.0 before 13.0-82.45 (and older 12.1/11.1 lines as li...

8.1CVSS7.8AI score0.00838EPSS
CVE
CVE
added 2024/11/12 6:28 p.m.84 views

CVE-2024-8535

Affected products: Citrix NetScaler ADC and NetScaler Gateway. Vulnerability: Authenticated users can access unintended user capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with Kerberos SSO using a KCDAccount, or as an Auth Server (AAA Vserver) wi...

8.1CVSS6.5AI score0.00422EPSS
CVE
CVE
added 2026/03/23 8:21 p.m.81 views

CVE-2026-3055

CVE-2026-3055 affects Citrix NetScaler ADC/NetScaler Gateway when configured as a SAML IDP, causing a memory overread due to insufficient input validation. Affected versions per Nessus plugin: NetScaler ADC/Gateway 14.1 prior to 14.1-66.59; 13.1 prior to 13.1-62.23; and 13.1-FIPS/NDcPP prior to 1...

9.8CVSS5.8AI score0.83996EPSS
In wild
CVE
CVE
added 2021/06/16 1:8 p.m.74 views

CVE-2020-8299

CVE-2020-8299 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition with a network-based DoS caused by uncontrolled resource consumption within the same Layer 2 segment. Affected versions listed in public disclosures include Citrix ADC/Gateway 13.0 before 13.0-76.29, 12.1 before 12....

6.5CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2021/06/16 1:8 p.m.74 views

CVE-2020-8300

CVE-2020-8300 affects Citrix ADC and Citrix NetScaler Gateway (multiple versions) and enables SAML authentication hijack via phishing to steal a valid user session when the appliance is configured as a SAML SP or IdP. Affected versions include 13.0-82.41, 12.1-62.23, 11.1-65.20 and 12.1-FIPS befo...

6.5CVSS6.5AI score0.0301EPSS
CVE
CVE
added 2017/08/02 7:0 p.m.72 views

CVE-2015-3642

Technical details for CVE-2015-3642 are not publicly available in the provided documents; monitor for updates.

5.9CVSS4.6AI score0.00847EPSS
CVE
CVE
added 2025/08/26 1:3 p.m.66 views

CVE-2025-7776

CVE-2025-7776 is a memory overflow vulnerability in Citrix NetScaler ADC/NetScaler Gateway. Affected when Gateway or AAA Vservers are used and a PCoIP Profile is bound to the NetScaler, enabling memory corruption that leads to unpredictable behavior and Denial of Service. Remediation requires upg...

9.8CVSS7.4AI score0.06658EPSS
CVE
CVE
added 2020/09/18 8:12 p.m.65 views

CVE-2020-8245

Citrix advisory CTX281474 details CVE-2020-8245 affecting Citrix ADC, Citrix Gateway, and related SD-WAN WANOP appliances. Root cause: HTML Injection due to improper input validation in the SSL VPN web portal. Impact: HTML content injection by an authenticated victim who must open an attacker-con...

6.1CVSS6.9AI score0.00934EPSS
CVE
CVE
added 2020/09/18 8:12 p.m.65 views

CVE-2020-8246

Vulnerability summary (CVE-2020-8246) : A DoS vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP is triggered by an attack originating from the management network. Affected versions include Citrix ADC and Gateway 13.0-64.35 and later, 12.1-58.15 and later, 12.1-FIPS 12.1-55.187 ...

7.5CVSS7.5AI score0.01555EPSS
CVE
CVE
added 2020/09/18 8:12 p.m.60 views

CVE-2020-8247

CVE-2020-8247 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP where the vulnerability resides in the management interface and allows escalation of privileges (CWE-269). Affected versions include Citrix ADC/Gateway 13.0-64.35+, 12.1-58.15+, 12.1-FIPS 12.1-55.187+, 11.1-65.12+, 11.2.1a+...

8.8CVSS8.8AI score0.01353EPSS
CVE
CVE
added 2026/06/30 1:3 p.m.55 views

CVE-2026-13474

The CVE-2026-13474 vulnerability affects NetScaler ADC and NetScaler Gateway when HTTP/2 is enabled in an HTTP Profile and tied to a virtual server (LB, CS, VPN) or its service. It allows denial of service via malformed HTTP/2 requests, impacting availability. CVSS v4.0 base score 8.7 (HIGH) with...

8.7CVSS5.8AI score0.0044EPSS
CVE
CVE
added 2026/06/30 12:46 p.m.53 views

CVE-2026-8655

CVE-2026-8655 corresponds to multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway that can cause unpredictable behavior and DoS when the appliance is used as an Oracle load balancer, a DNS Proxy, or a DNS recursive resolver. The NVD/NIST entry and multiple security advi...

9.8CVSS5.8AI score0.0046EPSS
CVE
CVE
added 2026/06/30 12:33 p.m.51 views

CVE-2026-8451

CVE-2026-8451 is a memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML IdP. The issue arises from insufficient input validation, related to the /saml/login path, enabling an unauthenticated attacker to read memory and potentially leak sensitive da...

8.8CVSS5.8AI score0.00502EPSS
In wild
CVE
CVE
added 2026/06/30 12:41 p.m.49 views

CVE-2026-8452

CVE-2026-8452 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause unpredictable behavior and a Denial of Service when the appliance is configured as a Gateway/AAA virtual server. The CVE entry is supported by multiple sources noting a memory overflow co...

9.8CVSS5.8AI score0.00486EPSS
CVE
CVE
added 2026/06/30 12:52 p.m.36 views

CVE-2026-10816

CVE-2026-10816 affects NetScaler ADC and NetScaler Gateway. The issue is an Arbitrary File Read that is unauthenticated when access to NSIP, Cluster Management IP or SNIP with management access is enabled. According to the sources, the vulnerability allows read access to files, impacting confiden...

7.5CVSS5.8AI score0.00415EPSS
CVE
CVE
added 2026/06/30 12:58 p.m.27 views

CVE-2026-10817

CVE-2026-10817 is an “insufficient input validation leading to memory overread” affecting Citrix NetScaler ADC and NetScaler Gateway when TCP TimeStamp is enabled in the TCP profile and attached to a virtual server (LB, CS, VPN) or the service. Public sources consistently describe the root cause ...

7.5CVSS5.8AI score0.0041EPSS