All the vulnerabilites related to Citrix - Citrix Workspace app for Windows
cve-2023-24484
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Citrix | Citrix Workspace App for Windows |
Version: Citrix Workspace App versions < 2212 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Workspace App for Windows", "vendor": "Citrix", "versions": [ { "changes": [ { "at": "2203 LTSR before CU2 ", "status": "unaffected" }, { "at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ", "status": "unaffected" } ], "lessThan": "2212", "status": "affected", "version": "Citrix Workspace App versions", "versionType": "custom" } ] } ], "datePublic": "2023-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T00:00:00", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485" } ], "source": { "discovery": "UNKNOWN" }, "title": "A malicious user can cause log files to be written to a directory that they do not have permission to write to.", "workarounds": [ { "lang": "en", "value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2023-24484", "datePublished": "2023-02-16T00:00:00", "dateReserved": "2023-01-24T00:00:00", "dateUpdated": "2024-08-02T10:56:04.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7890
Vulnerability from cvelistv5
Published
2024-09-11 22:32
Modified
2024-09-13 17:30
Severity ?
EPSS score ?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Citrix | Citrix Workspace app for Windows |
Version: Current Release (CR) 0 Version: Long Term Service Release (LTSR) 0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace_app", "vendor": "citrix", "versions": [ { "lessThan": "2405", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace_app", "vendor": "citrix", "versions": [ { "lessThan": "2402_cu1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7890", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-12T03:55:28.595311Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T17:30:03.503Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Citrix Workspace app for Windows", "vendor": "Citrix", "versions": [ { "lessThan": "2405", "status": "affected", "version": "Current Release (CR) 0", "versionType": "patch" }, { "lessThan": "2402 LTSR CU1", "status": "affected", "version": "Long Term Service Release (LTSR) 0", "versionType": "patch" } ] } ], "datePublic": "2024-09-10T22:28:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows\u003c/span\u003e\u003cbr\u003e" } ], "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T22:32:17.479Z", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US" } ], "source": { "discovery": "UNKNOWN" }, "title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2024-7890", "datePublished": "2024-09-11T22:32:17.479Z", "dateReserved": "2024-08-16T16:50:37.055Z", "dateUpdated": "2024-09-13T17:30:03.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7889
Vulnerability from cvelistv5
Published
2024-09-11 22:16
Modified
2024-09-13 17:29
Severity ?
EPSS score ?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Citrix | Citrix Workspace app for Windows |
Version: Current Release (CR) Version: Long Term Service Release (LTSR) |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace_app", "vendor": "citrix", "versions": [ { "lessThan": "2405", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace_app", "vendor": "citrix", "versions": [ { "lessThan": "2402_cu1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7889", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-12T03:55:27.338267Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T17:29:12.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Citrix Workspace app for Windows", "vendor": "Citrix", "versions": [ { "lessThan": "2405", "status": "affected", "version": "Current Release (CR)", "versionType": "patch" }, { "lessThan": "2402 LTSR CU1", "status": "affected", "version": "Long Term Service Release (LTSR)", "versionType": "patch" } ] } ], "datePublic": "2024-09-10T22:12:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges\u003c/span\u003e\u0026nbsp;in\u0026nbsp;Citrix Workspace app for Windows" } ], "value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-11T22:16:41.209Z", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US" } ], "source": { "discovery": "UNKNOWN" }, "title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2024-7889", "datePublished": "2024-09-11T22:16:41.209Z", "dateReserved": "2024-08-16T16:50:35.785Z", "dateUpdated": "2024-09-13T17:29:12.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6286
Vulnerability from cvelistv5
Published
2024-07-10 20:25
Modified
2024-08-01 21:33
Severity ?
EPSS score ?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Citrix | Citrix Workspace app for Windows |
Version: 2403 Version: 2402 LTSR |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:citrix:workspace:-:*:*:*:-:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace", "vendor": "citrix", "versions": [ { "lessThan": "2403.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*" ], "defaultStatus": "unaffected", "product": "workspace", "vendor": "citrix", "versions": [ { "lessThan": "2402", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6286", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T03:55:35.410636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T12:55:40.673Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.citrix.com/article/CTX678036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Citrix Workspace app for Windows", "vendor": "Citrix", "versions": [ { "lessThan": "1", "status": "affected", "version": "2403", "versionType": "patch" }, { "lessThan": "0", "status": "affected", "version": "2402 LTSR", "versionType": "patch" } ] } ], "datePublic": "2024-07-09T20:23:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for Windows\u003c/span\u003e" } ], "value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T20:25:21.414Z", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "url": "https://support.citrix.com/article/CTX678036" } ], "source": { "discovery": "UNKNOWN" }, "title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2024-6286", "datePublished": "2024-07-10T20:25:21.414Z", "dateReserved": "2024-06-24T15:14:48.157Z", "dateUpdated": "2024-08-01T21:33:05.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24485
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Citrix | Citrix Workspace App for Windows |
Version: Citrix Workspace App versions < 2212 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Citrix Workspace App for Windows", "vendor": "Citrix", "versions": [ { "changes": [ { "at": "2203 LTSR before CU2 ", "status": "unaffected" }, { "at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ", "status": "unaffected" } ], "lessThan": "2212", "status": "affected", "version": "Citrix Workspace App versions", "versionType": "custom" } ] } ], "datePublic": "2023-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T00:00:00", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix" }, "references": [ { "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485" } ], "source": { "discovery": "UNKNOWN" }, "title": "Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows", "workarounds": [ { "lang": "en", "value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2023-24485", "datePublished": "2023-02-16T00:00:00", "dateReserved": "2023-01-24T00:00:00", "dateUpdated": "2024-08-02T10:56:04.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }