9 matches found
CVE-2020-8269
CVE-2020-8269 affects Citrix Virtual Apps and Desktops (VDA, App-V Service, UPS) and allows privilege escalation to SYSTEM. The root cause is that an unauthenticated/low-privilege user could execute arbitrary commands on the VDA or related components due to write access to C:\ or OS command handling vul...
CVE-2021-22928
Summary: CVE-2021-22928 is a local privilege-escalation vulnerability in Citrix Virtual Apps and Desktops (VDA) when Citrix Profile Management or the Citrix Profile Management WMI Plugin is installed. The root cause is related to improper access control allowing a user on a Windows VDA to elevate...
CVE-2020-8283
CVE-2020-8283 affects Citrix Virtual Apps and Desktops (UPS on Windows) where an authenticated user on a Windows host running Universal Print Server can perform arbitrary command execution as SYSTEM. The issue is documented across sources (NVD entry and Red Hat advisory) and is tied to affected p...
CVE-2009-2453
CVE-2009-2453 affects Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3. The issue is that an access policy is not applied when the policy is defined with the Access Gateway Advanced Edition filters, enabling bypass of intended access restrictions via unknown vectors. The conn...
CVE-2012-5161
CVE-2012-5161 affects Citrix XenApp 6.5 and 6.5 Feature Pack 1, via the XML Service interface. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on the XenApp server by sending a crafted packet to the XML service interface. Exploitation details are not disclos...
CVE-2008-4676
Summary: CVE-2008-4676 describes an unspecified local privilege-escalation vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0. The issue is triggered by unknown attack vectors related to cr...
CVE-2016-4810
CVE-2016-4810 affects Citrix Studio (bundled with Citrix XenApp/XenDesktop). The vulnerability allows an unauthenticated attacker to cause insecure Access Policy configuration on the XenDesktop Delivery Controller by using unspecified vectors. Affected versions include Citrix Studio before 7.6.10...
CVE-2016-6493
CVE-2016-6493 describes a memory permission weakness in Citrix XenApp/XenDesktop that could weaken an existing security mitigation. Affected: Citrix XenDesktop up to 7.8; XenApp 7.x up to 7.8; XenApp 6.x up to 6.5 HRP06. Remediation: upgrade to XenDesktop/XenApp 7.9+ and XenApp 6.5 HRP07+ (XenApp...
CVE-2020-13998
CVE-2020-13998 affects Citrix XenApp 6.5. A remote unauthenticated attacker can determine whether a user exists on the server because the 2FA error page only appears after a valid username is entered. Public sources in the connected documents confirm the issue as an information disclosure affecti...