9 matches found
CVE-2024-6151
CVE-2024-6151 is a Local Privilege Escalation in the Windows Virtual Delivery Agent (VDA) used by Citrix Virtual Apps and Desktops and Citrix DaaS. The bulletin CTX678035 states affected versions are: Current Release (CR) before 2402; 1912 LTSR before CU9; 2203 LTSR before CU5. Fixes are availabl...
CVE-2023-24483
CVE-2023-24483 affects Citrix Virtual Apps and Desktops Windows VDA. The bulletin CTX477616 states the vulnerability is a Privilege Escalation to NT AUTHORITY\SYSTEM via improper privilege management (CWE-269) on a local Windows user session. Affected are Citrix Virtual Apps and Desktops versions...
CVE-2020-8269
CVE-2020-8269 affects Citrix Virtual Apps and Desktops (VDA, App-V Service, UPS) with privilege escalation to SYSTEM. The root cause is that an unauthenticated/low-privilege user could execute arbitrary commands on the VDA or related components due to write access to C:\ or OS command handling vul...
CVE-2021-22928
Summary: CVE-2021-22928 is a local privilege-escalation vulnerability in Citrix Virtual Apps and Desktops (VDA) when Citrix Profile Management or the Citrix Profile Management WMI Plugin is installed. The root cause is related to improper access control allowing a user on a Windows VDA to elevate...
CVE-2020-8270
CVE-2020-8270 affects Citrix Virtual Apps and Desktops (CVAD) on Windows VDA: unprivileged users or SMB clients can escalate to SYSTEM via Citrix App-V Service when installed. The issue is listed with CVE-2020-8270 and related CTX hotfixes; affected product lines include CVAD 2009 or earlier, 191...
CVE-2023-6184
CVE-2023-6184 – Citrix Session Recording XSS: The Citrix Session Recording component is affected by a cross-site scripting vulnerability. Affected: Citrix Session Recording on Current Release (CR) versions prior to 2311, and Long Term Service Release (LTSR) versions prior to CU8 hotfix 19.12.810...
CVE-2023-24490
CVE-2023-24490 affects Citrix Virtual Apps and Desktops Windows Virtual Delivery Agent (VDA). The issue is improper access control that allows users with only VDA-launch permissions to start an unauthorized desktop. Documented in Citrix CTX559370 and mirrored by Red Hat/NVD entries; impact is una...
CVE-2020-8283
CVE-2020-8283 affects Citrix Virtual Apps and Desktops (UPS on Windows) where an authenticated user on a Windows host running Universal Print Server can perform arbitrary command execution as SYSTEM. The issue is documented across sources (NVD entry and Red Hat advisory) and is tied to affected p...
CVE-2025-6759
CVE-2025-6759 affects Citrix Virtual Apps and Desktops — specifically the Windows Virtual Delivery Agent (VDA) used by CVAD and Citrix DaaS. The root cause is an open process handle with full access leaking from SYSTEM-owned GfxMgr.exe into a less-privileged process CtxGfx.exe, allowing a low-priv...