31 matches found
CVE-2019-19781
CVE-2019-19781 affects Citrix ADC (formerly NetScaler) and Citrix Gateway/SD-WAN WANOP appliances. The issue is a path traversal flaw in the ADC/Gateway stack that could enable remote code execution. Exploitation was discussed publicly with advisories and mitigations; Citrix released fixes and mi...
CVE-2020-8193
CVE-2020-8193 affects Citrix ADC and Citrix Gateway (and Citrix SD-WAN WANOP) with unauthenticated access to certain endpoints due to improper access control. Affected releases include Citrix ADC/Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, 10.5-70.18 and WAN-OP version...
CVE-2020-8195
CVE-2020-8195 involves improper input validation in Citrix ADC and Citrix Gateway (and Citrix SD-WAN WAN-OP) prior to version 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, plus WAN-OP 11.1.1a/11.0.3d/10.2.7. It results in limited information disclosure to low-privileged users. T...
CVE-2020-8196
CVE-2020-8196 is an information-disclosure vulnerability in Citrix ADC/Gateway and Citrix SD-WAN WANOP where improper access control allows limited data exposure to low-privilege users. Affected versions include Citrix ADC/Gateway prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-...
CVE-2020-8194
CVE-2020-8194 affects Citrix ADC and Citrix NetScaler Gateway (and Citrix SD-WAN WANOP family) with a remote code injection flaw described as reflected code injection. Affected versions include Citrix ADC/NetScaler Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, and...
CVE-2019-18225
CVE-2019-18225 affects Citrix ADC (NetScaler ADC) and Citrix Gateway via an authentication bypass in the management interface. Affected products/versions include Citrix ADC/Gateway 13.0 before build 41.28; 12.1 before 54.16; 12.0 before 62.10; 11.1 before 63.9; 10.5 before 70.8. The issue allows an att...
CVE-2019-6485
Citrix ADC/NetScaler Gateway TLS Padding Oracle (CVE-2019-6485) affects Citrix ADC/NetScaler Gateway versions prior to: 12.1 build 50.31, 12.0 build 60.9, 11.1 build 60.14, 11.0 build 72.17, and 10.5 build 69.5. The vulnerability exposes plaintext data from TLS traffic when CBC-based cipher suite...
CVE-2020-8191
CVE-2020-8191 concerns Citrix ADC and Citrix Gateway (and related WAN-OP components) with a reflected Cross-Site Scripting (XSS) vulnerability caused by improper input validation. Affected versions include Citrix ADC and Citrix Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10....
CVE-2020-8187
Citrix CTX276688 documents CVE-2020-8187 (and related CVEs) affecting Citrix ADC/NetScaler Gateway and Citrix SD-WAN WANOP appliances. Problem: improper input validation leads to unauthenticated denial of service via the management interface on affected versions. Affected products include Citrix ...
CVE-2017-17382
CVE-2017-17382 affects Citrix NetScaler ADC and NetScaler Gateway (versions 10.5 before 67.13, 11.0 before 71.22, 11.1 before 56.19, and 12.0 before 53.22). The root cause is a Bleichenbacher RSA padding oracle that could allow a remote attacker to decrypt TLS ciphertext, i.e., a ROBOT-style atta...
CVE-2020-8190
CVE-2020-8190 is a local elevation of privileges vulnerability in Citrix ADC and Citrix Gateway (and implicated Citrix SD-WAN WANOP appliances) caused by incorrect file permissions. It requires an authenticated user on the NSIP to exploit and can lead to privilege escalation within the device co...
CVE-2020-8197
CVE-2020-8197 affects Citrix ADC and Citrix Gateway (management interface). Vulnerable on versions 13.0-58.30 and earlier: 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. A low-privileged user with management access can execute arbitrary commands (privilege escalation). Remediation: apply fix...
CVE-2017-14602
CVE-2017-14602 is an authentication-bypass flaw in the Citrix NetScaler ADC/NetScaler Gateway management interface. Affected versions include NetScaler ADC and Gateway 10.1 before 135.18, 10.5 before 66.9, 10.5e before 60.7010.e, 11.0 before 70.16, 11.1 before 55.13, and 12.0 before 53.13 (except...
CVE-2017-7219
CVE-2017-7219 is a heap overflow in Citrix NetScaler Gateway that allows a remote authenticated attacker to execute arbitrary commands. Affected products are Citrix NetScaler Gateway versions: 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13. The vulnerability...
CVE-2020-8198
CVE-2020-8198 describes improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18, and Citrix SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7, resulting in Stored Cross-Site Scripting (XSS). Connected sources...
CVE-2018-18517
Citrix NetScaler Gateway (and ADC) were found vulnerable to a Cross-Site Scripting (XSS) condition. Exploitation could allow remote, authenticated users to execute client-side scripts in the web context, potentially compromising the user session or sensitive information. The issue affects NetScal...
CVE-2019-12044
CVE-2019-12044 is a buffer overflow vulnerability in Citrix ADC and Citrix NetScaler Gateway. Affected products include NetScaler Gateway and ADC software versions: 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. The underlying issue is im...
CVE-2015-7997
CVE-2015-7997 covers multiple XSS flaws in the Nitro API of Citrix NetScaler ADC and NetScaler Gateway, exploitable via remote vectors on SD appliances. Affected versions include NetScaler ADC and Gateway before 10.1 Build 133.9, 10.5 before 58.11, and 10.5.e before 56.1505.e on NetScaler SVMs. T...
CVE-2018-6810
CVE-2018-6810 affects Citrix NetScaler ADC and NetScaler Gateway (versions 10.5, 11.0, 11.1, 12.0). The vulnerability is a directory traversal in the appliance that allows remote attackers to traverse the target filesystem via a crafted request. The issue impacts confidentiality (partial) but not...
CVE-2018-6809
CVE-2018-6809 affects Citrix NetScaler ADC and NetScaler Gateway (across multiple major builds). According to Citrix advisory CTX232161 and linked sources, this vulnerability is a Privilege Escalation that could allow a remote attacker to gain elevated privileges on targeted NetScaler devices. Th...
CVE-2018-7218
CVE-2018-7218 affects Citrix NetScaler ADC and NetScaler Gateway AppFirewall, enabling remote arbitrary code execution via unspecified vectors. Affected versions include 10.5 up to 68.7, 11.0 up to 71.24, 11.1 up to 58.13, and 12.0 up to 57.24. The vulnerability has been addressed in newer builds...
CVE-2015-5080
The CVE-2015-5080 entry affects the Citrix NetScaler ADC and NetScaler Gateway management interface. It enables remote authenticated users to run arbitrary shell commands by injecting shell metacharacters in the filter parameter to rapi/ipsec_logs, affecting 10.1 (<10.1.132.8), 10.5 (<56.15), a...
CVE-2015-7996
The CVE-2015-7996 issue affects Citrix NetScaler products (ADC, Gateway, SVM) where the Nitro API can expose credentials via browser cache. Affected versions include NetScaler ADC and Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service ...
CVE-2015-5538
Citrix NetScaler ADC/NetScaler Gateway vulnerability (CVE-2015-5538) allows remote attackers to gain privileges via unknown vectors, affecting NetScaler ADC/Gateway versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. Descriptions consistently cite privilege es...
CVE-2017-17549
Citrix NetScaler ADC and NetScaler Gateway are affected by CVE-2017-17549, enabling information disclosure from the backend client TLS handshake when TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange are used. Affected virtual appliances include NetScaler ADC/Gateway ...
CVE-2014-8580
CVE-2014-8580 affects Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The connected vendor advisory CTX200254 documents an authentication flaw in certain configurations that could allow an authenticated user to obtain unauthorized access to network resources belongin...
CVE-2015-6672
CVE-2015-6672 is a cross-site scripting (XSS) vulnerability in the Administrative Web Interface of Citrix NetScaler ADC and NetScaler Gateway. It affects versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. An attacker can remotely inject arbitrary web sc...
CVE-2018-6808
CVE-2018-6808 affects Citrix NetScaler ADC and NetScaler Gateway (multiple vulnerable builds). The issue is an Arbitrary File Download vulnerability exploitable remotely, enabling attackers to download files from the target system. Affected versions include Citrix NetScaler ADC/Gateway before the...
CVE-2018-6811
CVE-2018-6811 consists of multiple Cross‑Site Scripting (XSS) vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. The weaknesses allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. Affected versions include NetScaler ADC and NetScaler Gatew...
CVE-2015-7998
CVE-2015-7998 affects Citrix NetScaler ADC and NetScaler Gateway administration UI on NetScaler Service Delivery Appliance SVM. The vulnerability permits an attacker to obtain sensitive information via unspecified vectors in affected builds (ADC before 10.1 Build 133.9, 10.5 before Build 58.11, a...
CVE-2015-2829
CVE-2015-2829 affects Citrix NetScaler ADC and NetScaler Gateway before 10.5 Build 53.9–55.8 and 10.5.e Build 53-9010.e, allowing a remote attacker to trigger a denial of service (reboot) via unspecified vectors. Connected sources confirm the affected product family and impact but do not provide ...