Search criteria
64 vulnerabilities
CVE-2025-12101 (GCVE-0-2025-12101)
Vulnerability from cvelistv5 – Published: 2025-11-11 13:44 – Updated: 2025-11-12 20:03
VLAI?
Summary
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:37.426494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:03:26.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "56.73",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "60.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.250",
"status": "affected",
"version": "13.1-FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.333",
"status": "affected",
"version": "12.1-FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "56.73",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "60.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.250",
"status": "affected",
"version": "13.1-FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.333",
"status": "affected",
"version": "12.1-FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-11-11T13:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCross-Site Scripting (XSS)\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003c/span\u003ethe appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"value": "Cross-Site Scripting (XSS)\u00a0in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T13:44:56.765Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX695486"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-12101",
"datePublished": "2025-11-11T13:44:56.765Z",
"dateReserved": "2025-10-23T01:57:06.637Z",
"dateUpdated": "2025-11-12T20:03:26.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8424 (GCVE-0-2025-8424)
Vulnerability from cvelistv5 – Published: 2025-08-26 13:11 – Updated: 2025-08-27 14:08
VLAI?
Summary
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T03:55:15.625808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:08:11.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T13:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control on the NetScaler Management Interface\u003c/span\u003e in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC\u202fand NetScaler Gateway when an attacker can get a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:11:10.822Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control on the NetScaler Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-8424",
"datePublished": "2025-08-26T13:11:10.822Z",
"dateReserved": "2025-07-31T15:12:42.021Z",
"dateUpdated": "2025-08-27T14:08:11.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7776 (GCVE-0-2025-7776)
Vulnerability from cvelistv5 – Published: 2025-08-26 13:03 – Updated: 2025-08-27 14:33
VLAI?
Summary
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:33:04.448715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:33:12.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T12:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service\u003c/span\u003e\u0026nbsp;in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it \u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service\u00a0in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:03:42.316Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-7776",
"datePublished": "2025-08-26T13:03:42.316Z",
"dateReserved": "2025-07-17T20:39:15.456Z",
"dateUpdated": "2025-08-27T14:33:12.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7775 (GCVE-0-2025-7775)
Vulnerability from cvelistv5 – Published: 2025-08-26 12:56 – Updated: 2025-10-21 22:45
VLAI?
Summary
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
(OR)
CR virtual server with type HDX
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7775",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T03:55:14.429609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-7775"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-7775"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-26T00:00:00+00:00",
"value": "CVE-2025-7775 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.48",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.22",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.241",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
},
{
"lessThan": "55.330",
"status": "affected",
"version": "12.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-08-26T12:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory overflow vulnerability leading to Remote Code Execution and/or Denial of Service\u003c/span\u003e in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u0026nbsp;\u003cp\u003eNetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server\u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers \u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers\u003c/p\u003e\u003cp\u003e(OR)\u003c/p\u003e\u003cp\u003eCR virtual server with type HDX\u003c/p\u003e\u003c/span\u003e"
}
],
"value": "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server\n\n(OR)\n\nNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers \n\n(OR)\n\nNetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers\n\n(OR)\n\nCR virtual server with type HDX"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T12:56:53.794Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-7775",
"datePublished": "2025-08-26T12:56:53.794Z",
"dateReserved": "2025-07-17T20:39:14.032Z",
"dateUpdated": "2025-10-21T22:45:20.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6759 (GCVE-0-2025-6759)
Vulnerability from cvelistv5 – Published: 2025-07-08 21:41 – Updated: 2025-07-10 03:55
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Windows Virtual Delivery Agent for CVAD and Citrix DaaS |
Affected:
Current Release (CR) , < 2503
(patch)
Affected: Long Term Service Release (LTSR) , ≤ 2402 LTSR CU2 (patch) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:55:59.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Windows Virtual Delivery Agent for CVAD and Citrix DaaS",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2503",
"status": "affected",
"version": "Current Release (CR)",
"versionType": "patch"
},
{
"lessThanOrEqual": "2402 LTSR CU2",
"status": "affected",
"version": "Long Term Service Release (LTSR)",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-07-08T12:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u0026nbsp;\u003c/span\u003ein Windows Virtual Delivery Agent for CVAD and Citrix DaaS"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in Windows Virtual Delivery Agent for CVAD and Citrix DaaS"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T21:41:21.902Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-6759",
"datePublished": "2025-07-08T21:41:21.902Z",
"dateReserved": "2025-06-27T01:20:50.330Z",
"dateUpdated": "2025-07-10T03:55:59.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6543 (GCVE-0-2025-6543)
Vulnerability from cvelistv5 – Published: 2025-06-25 12:49 – Updated: 2025-10-21 22:45
VLAI?
Summary
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6543",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:32.992762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-06-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:23.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6543"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-30T00:00:00+00:00",
"value": "CVE-2025-6543 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "59.19",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.236",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-25T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u0026nbsp;configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"value": "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when\u00a0configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:49:57.896Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory overflow vulnerability leading to unintended control flow and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-6543",
"datePublished": "2025-06-25T12:49:57.896Z",
"dateReserved": "2025-06-23T18:08:23.912Z",
"dateUpdated": "2025-10-21T22:45:23.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0320 (GCVE-0-2025-0320)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:25 – Updated: 2025-06-18 03:56
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Windows |
Affected:
1 , < 25.5.1.15
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:03.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "25.5.1.15",
"status": "affected",
"version": "1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T13:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:25:22.351Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-0320",
"datePublished": "2025-06-17T13:25:22.351Z",
"dateReserved": "2025-01-07T23:53:15.561Z",
"dateUpdated": "2025-06-18T03:56:03.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4879 (GCVE-0-2025-4879)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:02 – Updated: 2025-06-18 03:56
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Workspace App for Windows |
Affected:
CR , < 2409
(patch)
Affected: 2402 LTSR , < CU2 Hotfix 1 (hotfix) Affected: 2402 LTSR , < CU3 Hotfix 1 (hotfix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:01.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2409",
"status": "affected",
"version": "CR",
"versionType": "patch"
},
{
"lessThan": "CU2 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
},
{
"lessThan": "CU3 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
}
]
}
],
"datePublic": "2025-06-17T13:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u0026nbsp;\u003c/span\u003e\u003c/b\u003eCitrix Workspace app for Windows\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:02:59.807Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-4879",
"datePublished": "2025-06-17T13:02:59.807Z",
"dateReserved": "2025-05-17T02:24:20.690Z",
"dateUpdated": "2025-06-18T03:56:01.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4365 (GCVE-0-2025-4365)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:38 – Updated: 2025-06-17 13:49
VLAI?
Summary
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:44:12.219691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:49:08.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDX (SVM)",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "47.46",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eArbitrary file read in\u0026nbsp;NetScaler Console and NetScaler SDX (SVM)\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Arbitrary file read in\u00a0NetScaler Console and NetScaler SDX (SVM)"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T12:47:26.718Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-4365",
"datePublished": "2025-06-17T12:38:10.318Z",
"dateReserved": "2025-05-05T17:29:52.331Z",
"dateUpdated": "2025-06-17T13:49:08.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5349 (GCVE-0-2025-5349)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:32 – Updated: 2025-06-26 03:55
VLAI?
Summary
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T03:55:22.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control on the NetScaler Management Interface\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e ADC\u202fand \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e Gateway \u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T12:32:24.670Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler ADC\u202fand NetScaler Gateway - Improper access control on the NetScaler Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-5349",
"datePublished": "2025-06-17T12:32:24.670Z",
"dateReserved": "2025-05-30T06:53:21.233Z",
"dateUpdated": "2025-06-26T03:55:22.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5777 (GCVE-0-2025-5777)
Vulnerability from cvelistv5 – Published: 2025-06-17 12:29 – Updated: 2025-10-21 22:45
VLAI?
Summary
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5777",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:31.757062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:24.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"signature"
],
"url": "https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71"
},
{
"tags": [
"media-coverage"
],
"url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-10T00:00:00+00:00",
"value": "CVE-2025-5777 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-13T18:49:26.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/"
},
{
"url": "https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/"
},
{
"url": "https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/"
},
{
"url": "https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/"
},
{
"url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
},
{
"url": "https://citrixbleed.com"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "43.56",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "58.32",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-06-17T12:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation leading to memory overread when the\u003c/span\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\u003c/span\u003e"
}
],
"value": "Insufficient input validation leading to memory overread when the\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T00:57:12.458Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-5777",
"datePublished": "2025-06-17T12:29:34.506Z",
"dateReserved": "2025-06-06T06:14:02.358Z",
"dateUpdated": "2025-10-21T22:45:24.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1223 (GCVE-0-2025-1223)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:07 – Updated: 2025-02-20 16:21
VLAI?
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Mac |
Affected:
25 , < 01.2
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:21:44.396057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:21:58.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Mac",
"vendor": "Citrix",
"versions": [
{
"lessThan": "01.2",
"status": "affected",
"version": "25",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCitrix Secure Access Client for Mac\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in\u00a0Citrix Secure Access Client for Mac"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T00:07:27.949Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-1223",
"datePublished": "2025-02-20T00:07:27.949Z",
"dateReserved": "2025-02-11T05:59:28.866Z",
"dateUpdated": "2025-02-20T16:21:58.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1222 (GCVE-0-2025-1222)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:05 – Updated: 2025-02-20 16:27
VLAI?
Summary
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
Severity ?
CWE
- cwe-693
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Secure Access Client for Mac |
Affected:
25 , < 01.2
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T16:27:31.008185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:27:56.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Mac",
"vendor": "Citrix",
"versions": [
{
"lessThan": "01.2",
"status": "affected",
"version": "25",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac"
}
],
"value": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-693",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T00:05:23.829Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-1222",
"datePublished": "2025-02-20T00:05:23.829Z",
"dateReserved": "2025-02-11T05:59:25.290Z",
"dateUpdated": "2025-02-20T16:27:56.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12284 (GCVE-0-2024-12284)
Vulnerability from cvelistv5 – Published: 2025-02-19 23:30 – Updated: 2025-02-21 04:56
VLAI?
Summary
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T04:56:13.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "38.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "56.18",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Agent",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "38.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "56.18",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2025-02-18T23:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated privilege escalation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler Console and NetScaler Agen\u003c/span\u003et allows."
}
],
"value": "Authenticated privilege escalation in\u00a0NetScaler Console and NetScaler Agent allows."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T23:30:22.357Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-12284",
"datePublished": "2025-02-19T23:30:11.146Z",
"dateReserved": "2024-12-05T20:44:23.593Z",
"dateUpdated": "2025-02-21T04:56:13.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8535 (GCVE-0-2024-8535)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:28 – Updated: 2024-11-21 16:18
VLAI?
Summary
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 29.72
(patch)
Affected: 13.1 , < 55.34 (patch) Affected: 13.1 FIPS , < 37.207 (patch) Affected: 12.1-FIPS , < 55.321 (patch) Affected: 12.1-NDcPP , < 55.321 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-fips",
"versionType": "custom"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-ndcpp",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T20:05:08.852710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:18:12.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1 FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthenticated user can access unintended user capabilities\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway if t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;t\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as an\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAuth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Authenticated user can access unintended user capabilities\u00a0in\u00a0NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources\u00a0OR\u00a0the appliance must be configured as an\u00a0Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:31:02.674Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated user can access unintended user capabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8535",
"datePublished": "2024-11-12T18:28:51.398Z",
"dateReserved": "2024-09-06T17:18:27.467Z",
"dateUpdated": "2024-11-21T16:18:12.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8534 (GCVE-0-2024-8534)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:15 – Updated: 2024-11-21 16:19
VLAI?
Summary
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetSclaer | NetScaler ADC |
Affected:
14.1 , < 29.72
(patch)
Affected: 13.1 , < 55.34 (patch) Affected: 13.1-FIPS , < 37.207 (patch) Affected: 12.1-FIPS , < 55.321 (patch) Affected: 12.1-NDcPP , < 55.321 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "14.1-29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "netscaler",
"versions": [
{
"lessThan": "14.1-29.72",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "adc",
"vendor": "netscaler",
"versions": [
{
"lessThan": "13.1-55.34",
"status": "affected",
"version": "13.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_13.1-fips:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_13.1-fips",
"vendor": "netscaler",
"versions": [
{
"lessThan": "13.1-37.207",
"status": "affected",
"version": "13.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_12.1-fips:12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_12.1-fips",
"vendor": "netscaler",
"versions": [
{
"lessThan": "12.1-55.321",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler-adc_12.1-ndcpp:12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler-adc_12.1-ndcpp",
"vendor": "netscaler",
"versions": [
{
"lessThan": "12.1-55.321",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:38:35.887321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:19:44.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetSclaer",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "29.72",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "55.34",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.207",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.321",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory safety vulnerability leading to memory corruption and Denial of Service\u0026nbsp;\u003c/span\u003ein NetScaler ADC and Gateway if t\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR t\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR t\u003c/strong\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ehe appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled\u003c/span\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e\u003cbr\u003e"
}
],
"value": "Memory safety vulnerability leading to memory corruption and Denial of Service\u00a0in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled\u00a0OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)\u00a0OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:15:44.673Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory safety vulnerability leading to memory corruption and Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8534",
"datePublished": "2024-11-12T18:15:44.673Z",
"dateReserved": "2024-09-06T17:18:25.789Z",
"dateUpdated": "2024-11-21T16:19:44.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8069 (GCVE-0-2024-8069)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:01 – Updated: 2025-10-21 22:55
VLAI?
Summary
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix Session Recording | Citrix Session Recording |
Affected:
2407 Current Release , < 24.5.200.8
(patch)
Affected: 1912 LTSR , < CU9 hotfix 19.12.9100.6 (patch) Affected: 2203 LTSR , < CU5 hotfix 22.03.5100.11 (patch) Affected: 2402 LTSR , < CU1 hotfix 24.02.1200.16 (patch) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8069",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T03:55:21.218023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:36.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00+00:00",
"value": "CVE-2024-8069 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Session Recording",
"vendor": "Citrix Session Recording",
"versions": [
{
"lessThan": "24.5.200.8",
"status": "affected",
"version": "2407 Current Release",
"versionType": "patch"
},
{
"lessThan": "CU9 hotfix 19.12.9100.6",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU5 hotfix 22.03.5100.11",
"status": "affected",
"version": "2203 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU1 hotfix 24.02.1200.16",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLimited remote code execution with privilege of a NetworkService Account access\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCitrix Session Recording if the a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user on the same intranet as the session recording server \u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:01:15.375Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Limited remote code execution with privilege of a NetworkService Account access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8069",
"datePublished": "2024-11-12T18:01:15.375Z",
"dateReserved": "2024-08-21T23:22:40.773Z",
"dateUpdated": "2025-10-21T22:55:36.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8068 (GCVE-0-2024-8068)
Vulnerability from cvelistv5 – Published: 2024-11-12 17:49 – Updated: 2025-10-21 22:55
VLAI?
Summary
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Session Recording |
Affected:
2407 Current Release , < 24.5.200.8
(patch)
Affected: 1912 LTSR , < CU9 hotfix 19.12.9100.6 (patch) Affected: 2203 LTSR , < CU5 hotfix 22.03.5100.11 (patch) Affected: 2402 LTSR , < CU1 hotfix 24.02.1200.16 (patch) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8068",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T03:55:20.058684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:37.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00+00:00",
"value": "CVE-2024-8068 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Session Recording",
"vendor": "Citrix",
"versions": [
{
"lessThan": "24.5.200.8",
"status": "affected",
"version": "2407 Current Release",
"versionType": "patch"
},
{
"lessThan": "CU9 hotfix 19.12.9100.6",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU5 hotfix 22.03.5100.11",
"status": "affected",
"version": "2203 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU1 hotfix 24.02.1200.16",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege escalation to NetworkService Account access\u003c/span\u003e\u0026nbsp;in Citrix Session Recording when an a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T17:49:54.285Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation to NetworkService Account access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8068",
"datePublished": "2024-11-12T17:49:54.285Z",
"dateReserved": "2024-08-21T23:22:39.410Z",
"dateUpdated": "2025-10-21T22:55:37.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7890 (GCVE-0-2024-7890)
Vulnerability from cvelistv5 – Published: 2024-09-11 22:32 – Updated: 2024-09-13 17:30
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) 0 , < 2405
(patch)
Affected: Long Term Service Release (LTSR) 0 , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:28.595311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:30:03.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR) 0",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR) 0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:32:17.479Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7890",
"datePublished": "2024-09-11T22:32:17.479Z",
"dateReserved": "2024-08-16T16:50:37.055Z",
"dateUpdated": "2024-09-13T17:30:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7889 (GCVE-0-2024-7889)
Vulnerability from cvelistv5 – Published: 2024-09-11 22:16 – Updated: 2024-09-13 17:29
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) , < 2405
(patch)
Affected: Long Term Service Release (LTSR) , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:27.338267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:29:12.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR)",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR)",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges\u003c/span\u003e\u0026nbsp;in\u0026nbsp;Citrix Workspace app for Windows"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:16:41.209Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7889",
"datePublished": "2024-09-11T22:16:41.209Z",
"dateReserved": "2024-08-16T16:50:35.785Z",
"dateUpdated": "2024-09-13T17:29:12.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6677 (GCVE-0-2024-6677)
Vulnerability from cvelistv5 – Published: 2024-07-12 02:41 – Updated: 2025-03-25 17:46
VLAI?
Summary
Privilege escalation in uberAgent
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:uberagent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uberagent",
"vendor": "citrix",
"versions": [
{
"lessThan": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:26:52.530634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T17:46:04.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX691103/citrix-uberagent-security-bulletin-for-cve20246677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "uberAgent",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "7.2",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-12T02:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege escalation\u003c/span\u003e in uberAgent"
}
],
"value": "Privilege escalation in uberAgent"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T02:41:17.327Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX691103/citrix-uberagent-security-bulletin-for-cve20246677"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6677",
"datePublished": "2024-07-12T02:41:17.327Z",
"dateReserved": "2024-07-10T23:48:25.455Z",
"dateUpdated": "2025-03-25T17:46:04.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6149 (GCVE-0-2024-6149)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:42 – Updated: 2024-10-29 20:57
VLAI?
Summary
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:48:17.083768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:57:34.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eRedirection of users to a vulnerable URL\u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Redirection of users to a vulnerable URL in\u00a0Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:42:20.488Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6149",
"datePublished": "2024-07-10T20:42:20.488Z",
"dateReserved": "2024-06-18T21:14:33.106Z",
"dateUpdated": "2024-10-29T20:57:34.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6148 (GCVE-0-2024-6148)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:40 – Updated: 2025-03-25 16:40
VLAI?
Summary
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:56:38.688577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:40:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eBypass of GACS Policy Configuration settings\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:40:07.129Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6148",
"datePublished": "2024-07-10T20:40:07.129Z",
"dateReserved": "2024-06-18T21:14:31.903Z",
"dateUpdated": "2025-03-25T16:40:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6150 (GCVE-0-2024-6150)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:31 – Updated: 2024-10-29 18:21
VLAI?
Summary
A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Provisioning |
Affected:
2402 , < 0
(patch)
Affected: 22.3 LTSR , < CU5 (patch) Affected: 1912 LTSR , < CU9 (patch) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:46:53.544580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:21:15.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Provisioning",
"vendor": "Citrix",
"versions": [
{
"lessThan": "0",
"status": "affected",
"version": "2402",
"versionType": "patch"
},
{
"lessThan": "CU5",
"status": "affected",
"version": "22.3 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU9",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eA non-admin user can cause short-term disruption in Target VM availability\u0026nbsp;\u003c/span\u003e\u003c/b\u003ein\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;Citrix Provisioning\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "A non-admin user can cause short-term disruption in Target VM availability\u00a0in\u00a0Citrix Provisioning"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:31:26.370Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6150",
"datePublished": "2024-07-10T20:31:26.370Z",
"dateReserved": "2024-06-18T21:14:34.056Z",
"dateUpdated": "2024-10-29T18:21:15.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6286 (GCVE-0-2024-6286)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:25 – Updated: 2024-08-01 21:33
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
2403 , < 1
(patch)
Affected: 2402 LTSR , < 0 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:-:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2403.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:35.410636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T12:55:40.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2403",
"versionType": "patch"
},
{
"lessThan": "0",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for Windows\u003c/span\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:25:21.414Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6286",
"datePublished": "2024-07-10T20:25:21.414Z",
"dateReserved": "2024-06-24T15:14:48.157Z",
"dateUpdated": "2024-08-01T21:33:05.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6151 (GCVE-0-2024-6151)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:21 – Updated: 2024-08-01 21:33
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Windows Virtual Delivery Agent |
Affected:
2402 , < 0
(patch)
Affected: 1912 LTSR , < CU9 (patch) Affected: 2203 LTSR , < CU5 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_apps_and_desktops",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "CU9",
"status": "affected",
"version": "1912 LTSR",
"versionType": "custom"
},
{
"lessThan": "CU5",
"status": "affected",
"version": "2203 LTSR",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T03:55:19.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Windows Virtual Delivery Agent",
"vendor": "Citrix",
"versions": [
{
"lessThan": "0",
"status": "affected",
"version": "2402",
"versionType": "patch"
},
{
"lessThan": "CU9",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU5",
"status": "affected",
"version": "2203 LTSR",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u0026nbsp;\u003c/span\u003e\u003c/b\u003ein\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eVirtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS\u003c/span\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:21:25.554Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6151",
"datePublished": "2024-07-10T20:21:25.554Z",
"dateReserved": "2024-06-18T21:14:34.928Z",
"dateUpdated": "2024-08-01T21:33:04.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6236 (GCVE-0-2024-6236)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:18 – Updated: 2025-08-27 20:42
VLAI?
Summary
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
Severity ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSclaer | NetScaler Console |
Affected:
14.1 , < 25.53
(patch)
Affected: 13.1 , < 52.25 (patch) Affected: 13.0 , < 92.31 (patch) |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:netscaler_console:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "agent",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netscaler:sdx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdx",
"vendor": "netscaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:23:21.359193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler Console",
"vendor": "NetSclaer",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Agent",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDX",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "52.25",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eDenial of Service \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eNetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Denial of Service in\u00a0NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:18:04.274Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6236",
"datePublished": "2024-07-10T20:18:04.274Z",
"dateReserved": "2024-06-21T01:16:39.466Z",
"dateUpdated": "2025-08-27T20:42:59.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6235 (GCVE-0-2024-6235)
Vulnerability from cvelistv5 – Published: 2024-07-10 19:07 – Updated: 2025-04-23 03:56
VLAI?
Summary
Sensitive information disclosure in NetScaler Console
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetScaler | NetScaler Console |
Affected:
14.1 , < 25.53
(patch)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_console:14.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "netscaler_console",
"vendor": "citrix",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T03:56:02.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler Console",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u003c/span\u003e\u003c/b\u003e\u0026nbsp;in\u0026nbsp;NetScaler Console"
}
],
"value": "Sensitive information disclosure\u00a0in\u00a0NetScaler Console"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:07:58.885Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6235",
"datePublished": "2024-07-10T19:07:58.885Z",
"dateReserved": "2024-06-21T01:16:38.319Z",
"dateUpdated": "2025-04-23T03:56:02.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5492 (GCVE-0-2024-5492)
Vulnerability from cvelistv5 – Published: 2024-07-10 19:04 – Updated: 2024-08-01 21:11
VLAI?
Summary
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetSclaer | NetScaler ADC |
Affected:
14.1 , < 25.53
(patch)
Affected: 13.1 , < 53.17 (patch) Affected: 13.0 , < 92.13 (patch) Affected: 13.1-FIPS , < 37.183 (patch) Affected: 12.1-FIPS , < 55.304 (patch) Affected: 12.1-NDcPP , < 55.304 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler_application_delivery_controller",
"vendor": "citrix",
"versions": [
{
"lessThan": "14.1-25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "13.1-53.17",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "13.0-92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "13.1-37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "custom"
},
{
"lessThan": "12.1-55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "custom"
},
{
"lessThan": "12.1-55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netscaler_gateway",
"vendor": "citrix",
"versions": [
{
"lessThan": "14.1-25.53",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "13.1-53.17",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "13.0-92.31",
"status": "affected",
"version": "13.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T20:06:46.037235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T20:15:15.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetSclaer",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.13",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpen redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites\u003c/span\u003e\u0026nbsp;in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites\u00a0in NetScaler ADC and NetScaler Gateway"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:04:40.775Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-5492",
"datePublished": "2024-07-10T19:04:40.775Z",
"dateReserved": "2024-05-29T20:16:36.573Z",
"dateUpdated": "2024-08-01T21:11:12.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5491 (GCVE-0-2024-5491)
Vulnerability from cvelistv5 – Published: 2024-07-10 18:56 – Updated: 2024-11-01 15:22
VLAI?
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetScaler | NetScaler ADC |
Affected:
14.1 , < 25.53
(patch)
Affected: 13.1 , < 53.17 (patch) Affected: 13.0 , < 92.31 (patch) Affected: 13.1-FIPS , < 37.183 (patch) Affected: 12.1-FIPS , < 55.304 (patch) Affected: 12.1-NDcPP , < 55.304 (patch) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:25:24.933103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:22:05.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.183",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.304",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "25.53",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "53.17",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.31",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T18:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:56:08.095Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-5491",
"datePublished": "2024-07-10T18:56:08.095Z",
"dateReserved": "2024-05-29T20:16:35.305Z",
"dateUpdated": "2024-11-01T15:22:05.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}