22 matches found
CVE-2020-8209
Citrix XenMobile Server (XenMobile) is affected by a Local File Inclusion/Path Traversal vulnerability (CVE-2020-8209). Affected versions are Citrix XenMobile Server 10.12 before RP2, 10.11 before RP4, 10.10 before RP6, and earlier than 10.9 RP5. Root cause is improper access control that allows ...
CVE-2021-44519
The CVE-2021-44519 issue affects Citrix Endpoint Management (XenMobile Server) up to version 10.12 RP9. It is described as an Authenticated Directory Traversal vulnerability that can lead to remote code execution, caused by insufficient restriction of directory traversal paths. Affected component...
CVE-2021-44520
CVE-2021-44520 affects Citrix Endpoint Management (XenMobile Server). An authenticated XenMobile console user can perform command injection to obtain remote code execution with root privileges. Affected: XenMobile Server 10.12 RP9 and earlier; fixes are provided in patches for 10.13.0 (patch 7) a...
CVE-2022-26151
CVE-2022-26151 affects Citrix XenMobile Server: versions 10.12–RP11, 10.13–RP7, and 10.14–RP4 are vulnerable to command injection. The issue is described as enabling command injection with risk of unauthorized OS access (admin-level on XenMobile CLI). Remediation per Citrix bulletin CTX370551 is ...
CVE-2018-10653
CVE-2018-10653 is an XML External Entity (XXE) processing vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Connected advisories confirm an XXE injection flaw could lead to unauthorized access to critical data, with Citrix releasing Rolling Patch 2 (for 10.8) and Rolli...
CVE-2018-18014
Citrix XenMobile up to 10.8 is affected by a lack of authentication that allows low-privileged local users to execute system commands as root by sending requests to private services listening on ports 8000, 30000, and 30001. The vendor disputes this as a vulnerability and cites firewall-based lo...
CVE-2018-10654
CVE-2018-10654 affects Citrix XenMobile Server 10.8 (before RP2) and 10.7 (before RP3). The vulnerability is a Hazelcast Library Java Deserialization vulnerability in the clustering path. The Citrix advisory notes this issue is exposed only if XenMobile Clustering is enabled. Remediation stated i...
CVE-2020-8208
CVE-2020-8208 affects Citrix XenMobile / Citrix Endpoint Management (CEM) XenMobile Server. The vulnerability arises from improper input validation that enables Cross-Site Scripting (XSS). Affected on‑prem XenMobile Server versions include 10.12 before RP2, 10.11 before RP4, 10.11 before RP6, and...
CVE-2020-8211
CVE-2020-8211 concerns Citrix Endpoint Management (XenMobile) with SQL Injection due to improper input validation. Affected on‑prem XenMobile Server versions include 10.12 before RP3, 10.11 before RP6, 10.10 before RP6, and before 10.9 RP5; critical flaws also affect 10.12 before RP2 and 10.11 be...
CVE-2020-8212
CVE-2020-8212 affects Citrix Endpoint Management (XenMobile) on-premises XenMobile Server versions with Privilege Escalation due to improper access control that grants access to privileged functionality. Affected lines include: XenMobile Server 10.12 before RP2 (critical) and 10.11 before RP4, 10...
CVE-2020-8210
CVE-2020-8210 in Citrix XenMobile Server (Endpoint Management) stems from insufficient protection of secrets, causing service account credentials to be disclosed. Affected on-prem XenMobile/XenMobile Server versions include: 10.12 before RP3, 10.11 before RP6, 10.10 before RP6, and versions befor...
CVE-2016-2789
CVE-2016-2789 is a cross-site scripting (XSS) vulnerability in the Web User Interface of Citrix XenMobile Server 10.x. The issue affects XenMobile Server 10.0, 10.1 (before Rolling Patch 4), and 10.3 (before Rolling Patch 1). An attacker could inject arbitrary web script or HTML via unspecified v...
CVE-2018-18571
CVE-2018-18571 (Citrix XenMobile Server) is an Authentication Bypass vulnerability affecting XenMobile Server 10.9.0 before Rolling Patch 3 and 10.8.0 before Rolling Patch 6. An attacker could impersonate and act on behalf of any Mobile Application Management (MAM) enrolled device. The reported r...
CVE-2017-9231
CVE-2017-9231 is an XML External Entity (XXE) processing vulnerability in Citrix XenMobile Server (versions 9.x and 10.x prior to 10.5 RP3) that could allow an unauthenticated attacker to retrieve potentially sensitive information from the server via unspecified vectors. The issue is caused by XX...
CVE-2018-18013
XenMobile prior to 10.8.0 contains a service listening on port 5001 that accepts unauthenticated input; deserializing raw Java objects in memory can lead to remote code execution. The vendor disputes the vulnerability, stating it is mitigated by an internal firewall limiting access to localhost....
CVE-2018-10648
Citrix XenMobile Server 10.7 and 10.8 are affected by CVE-2018-10648, an unauthenticated file upload vulnerability. The CTX234879 article confirms the issue and notes that the vulnerability is addressed in Rolling Patch 2 for 10.8 and Rolling Patch 3 for 10.7. Mitigation guidance from Citrix also ind...
CVE-2018-10652
CVE-2018-10652 affects Citrix XenMobile Server 10.7 before RP3, causing Sensitive Data Leakage. The issue is a network-exploitable vulnerability with potential partial confidentiality impact per CVSS vector data. Citrix states that this and other issues have been addressed in newer builds, recomm...
CVE-2020-8253
CVE-2020-8253 affects Citrix Endpoint Management (XenMobile) server components, specifically XenMobile Server 10.12 before RP2, 10.11 before RP4, 10.10 before RP6, and before 10.9 RP5, where improper authentication may allow access to sensitive files. The Citrix security update article CTX277457 ...
CVE-2016-6877
CVE-2016-6877 affects Citrix XenMobile Server prior to 10.5.0.24. The issue is described as allowing man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. The vendor notes that this was not considered a valid vulnerability becau...
CVE-2018-10650
CVE-2018-10650 is an Insufficient Path Validation vulnerability in Citrix XenMobile Server. Affected versions are 10.8 before Rolling Patch 2 and 10.7 before Rolling Patch 3. The Citrix article CTX234879 documents multiple XenMobile issues; for this CVE, remediation is to apply the appropriate ro...
CVE-2018-10651
CVE-2018-10651 affects Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3, involving Open Redirect vulnerabilities. Citrix lists this CVE among several for XenMobile 10.7/10.8 and provides remediation via upgrades to RP2 (10.8) and RP3 (10.7). In clustering scenarios, mitigation includes...
CVE-2018-10649
Citrix XenMobile Server 10.7 (before RP3) is affected by CVE-2018-10649, a Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject arbitrary web script or HTML. Mitigation per Citrix: upgrade XenMobile 10.7 to Rolling Patch 3 (RP3) and XenMobile 10.8 to Rolling Patch 2; th...