Search criteria
90 vulnerabilities found for application_delivery_controller_firmware by citrix
FKIE_CVE-2019-18177
Vulnerability from fkie_nvd - Published: 2022-12-26 21:15 - Updated: 2025-04-14 18:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | * | |
| citrix | application_delivery_controller | - | |
| citrix | gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB78C7DE-C985-44CC-9917-7B7B40104D50",
"versionEndExcluding": "13.0-58.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF4ABEE-D1F0-408C-A80D-C204D0C164EF",
"versionEndExcluding": "13.0-58.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update."
},
{
"lang": "es",
"value": "En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgaci\u00f3n de informaci\u00f3n cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualizaci\u00f3n CTX276688."
}
],
"id": "CVE-2019-18177",
"lastModified": "2025-04-14T18:15:18.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-26T21:15:10.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-27518
Vulnerability from fkie_nvd - Published: 2022-12-13 17:15 - Updated: 2025-10-24 13:43
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unauthenticated remote arbitrary code execution
References
Impacted products
{
"cisaActionDue": "2023-01-03",
"cisaExploitAdd": "2022-12-13",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"matchCriteriaId": "59CA6CB8-1B2C-4265-82ED-802D4D387EAD",
"versionEndExcluding": "12.1-55.291",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"matchCriteriaId": "0FB77A6C-768D-4084-924B-5F0607FE6D83",
"versionEndExcluding": "12.1-55.291",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0B760B-B3B6-442A-8C54-AA8A6D63660B",
"versionEndExcluding": "12.1-65.25",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBF9BE3-E779-4621-8409-1A61DA07F6FF",
"versionEndExcluding": "13.0-58.32",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4301CB-EBF3-41D7-8A17-7E0B9E452780",
"versionEndExcluding": "12.1-65.25",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9F0308-2BD3-403F-B90E-EEB1B6845627",
"versionEndExcluding": "13.0-58.32",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote arbitrary code execution\n"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo arbitrario no autenticado"
}
],
"id": "CVE-2022-27518",
"lastModified": "2025-10-24T13:43:42.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T17:15:14.350",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX474995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX474995"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27518"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27516
Vulnerability from fkie_nvd - Published: 2022-11-08 22:15 - Updated: 2024-11-21 06:55
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
User login brute force protection functionality bypass
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "710A9915-E94D-4AB3-9077-904185CD835C",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A12502-B9D9-4ED0-9E90-F27317338831",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF90FACB-1523-48D4-AAA5-22BFED45475E",
"versionEndExcluding": "13.1-33.47",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0DD814B7-CD70-4AAA-B8C5-AEF4DBD1055A",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "51A18C6F-58A9-4924-AEBA-2AC1846055BA",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BBEEB7CC-13B3-49D9-9C1C-B31A8274943E",
"versionEndExcluding": "13.1-33.47",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"matchCriteriaId": "9A9A7C22-9E06-45AF-8A7C-8BEB12FDDFE2",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"matchCriteriaId": "78FC158E-7881-448B-A2BA-19CBC3BF646C",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User login brute force protection functionality bypass \n"
},
{
"lang": "es",
"value": "Omisi\u00f3n de la funcionalidad de protecci\u00f3n de fuerza bruta de inicio de sesi\u00f3n de usuario"
}
],
"id": "CVE-2022-27516",
"lastModified": "2024-11-21T06:55:52.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-08T22:15:13.633",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27513
Vulnerability from fkie_nvd - Published: 2022-11-08 22:15 - Updated: 2024-11-21 06:55
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Remote desktop takeover via phishing
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "710A9915-E94D-4AB3-9077-904185CD835C",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A12502-B9D9-4ED0-9E90-F27317338831",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C237286-B459-4FF4-810A-13740D2207E3",
"versionEndExcluding": "13.1-33.41",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0DD814B7-CD70-4AAA-B8C5-AEF4DBD1055A",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "51A18C6F-58A9-4924-AEBA-2AC1846055BA",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BBEEB7CC-13B3-49D9-9C1C-B31A8274943E",
"versionEndExcluding": "13.1-33.47",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"matchCriteriaId": "9A9A7C22-9E06-45AF-8A7C-8BEB12FDDFE2",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"matchCriteriaId": "78FC158E-7881-448B-A2BA-19CBC3BF646C",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote desktop takeover via phishing \n"
},
{
"lang": "es",
"value": "Adquisici\u00f3n de escritorio remoto mediante phishing"
}
],
"id": "CVE-2022-27513",
"lastModified": "2024-11-21T06:55:52.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-08T22:15:13.313",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27510
Vulnerability from fkie_nvd - Published: 2022-11-08 22:15 - Updated: 2024-11-21 06:55
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unauthorized access to Gateway user capabilities
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "710A9915-E94D-4AB3-9077-904185CD835C",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A12502-B9D9-4ED0-9E90-F27317338831",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C237286-B459-4FF4-810A-13740D2207E3",
"versionEndExcluding": "13.1-33.41",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "0DD814B7-CD70-4AAA-B8C5-AEF4DBD1055A",
"versionEndExcluding": "12.1-65.21",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "51A18C6F-58A9-4924-AEBA-2AC1846055BA",
"versionEndExcluding": "13.0-88.12",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BBEEB7CC-13B3-49D9-9C1C-B31A8274943E",
"versionEndExcluding": "13.1-33.47",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"matchCriteriaId": "9A9A7C22-9E06-45AF-8A7C-8BEB12FDDFE2",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"matchCriteriaId": "78FC158E-7881-448B-A2BA-19CBC3BF646C",
"versionEndExcluding": "12.1-55.289",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized access to Gateway user capabilities \n"
},
{
"lang": "es",
"value": "Acceso no autorizado a las capacidades del usuario de Gateway"
}
],
"id": "CVE-2022-27510",
"lastModified": "2024-11-21T06:55:52.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-08T22:15:13.020",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27509
Vulnerability from fkie_nvd - Published: 2022-07-28 14:15 - Updated: 2024-11-21 06:55
Severity ?
Summary
Unauthenticated redirection to a malicious website
References
| URL | Tags | ||
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX457836 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX457836 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61981F03-ECC8-43E0-80E6-0A689F3D783F",
"versionEndExcluding": "12.1-65.15",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D911A3-F43F-448D-B861-CE1CA3DF2504",
"versionEndExcluding": "13.0-86.17",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE32178-CFBE-4F01-BB47-80C205BDA33F",
"versionEndExcluding": "13.1-24.38",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF33AE6-08BD-46FF-8833-20D2849F09EE",
"versionEndExcluding": "12.1-65.15",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7439391A-903B-488E-A402-65C6AA1CEA02",
"versionEndExcluding": "13.0-86.17",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0699EDF2-D5F6-43B5-AE5C-2CC6630B0722",
"versionEndExcluding": "13.1-24.38",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
"matchCriteriaId": "56FEAF85-756E-4022-A9BF-E0E46AFA1936",
"versionEndExcluding": "12.1-55.282",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
"matchCriteriaId": "C75D1B42-41FB-4C4E-A7E1-79DF4C258C0F",
"versionEndExcluding": "12.1-55.282",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated redirection to a malicious website"
},
{
"lang": "es",
"value": "Un redireccionamiento no autenticado a un sitio web malicioso"
}
],
"id": "CVE-2022-27509",
"lastModified": "2024-11-21T06:55:51.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T14:15:08.380",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX457836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX457836"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22956
Vulnerability from fkie_nvd - Published: 2021-12-07 14:15 - Updated: 2024-11-21 05:51
Severity ?
Summary
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX330728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX330728 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB94B59-4AA0-4144-B174-FFDD2EB9D2B4",
"versionEndExcluding": "11.1-65.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C076C750-AC7C-48DD-86B2-EB69FA14467F",
"versionEndExcluding": "12.1-63.22",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F3ACE6-B0F6-4E27-9DD8-EFEC98A7ACB4",
"versionEndExcluding": "13.0-83.27",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C2760-C923-4D70-B9BA-9905CBD7A72C",
"versionEndExcluding": "11.1-65.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC9E148-82D8-4032-9E30-3A40362FEF29",
"versionEndExcluding": "12.1-63.22",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1153F3C5-BEDB-4697-A57C-E0B5621ACC2A",
"versionEndExcluding": "13.0-65.23",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sd-wan:*:*:*:*:wanop:*:*:*",
"matchCriteriaId": "00C0944E-937D-42CD-A117-BB4ECAE52B61",
"versionEndExcluding": "10.2.9c",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sd-wan:*:*:*:*:wanop:*:*:*",
"matchCriteriaId": "72E4366D-5278-45B1-8A14-0A3F7CD5F398",
"versionEndExcluding": "11.4.2",
"versionStartIncluding": "11.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podr\u00eda permitir a un atacante con acceso a NSIP o SNIP con acceso a la interfaz de administraci\u00f3n causar una interrupci\u00f3n temporal de la GUI de administraci\u00f3n, la API Nitro y la comunicaci\u00f3n RPC"
}
],
"id": "CVE-2021-22956",
"lastModified": "2024-11-21T05:51:00.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-07T14:15:08.943",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX330728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22955
Vulnerability from fkie_nvd - Published: 2021-12-07 14:15 - Updated: 2024-11-21 05:51
Severity ?
Summary
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX330728 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX330728 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609476CC-EB28-4FC2-8035-1C8A0F6F5573",
"versionEndIncluding": "11.1-65.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C076C750-AC7C-48DD-86B2-EB69FA14467F",
"versionEndExcluding": "12.1-63.22",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F3ACE6-B0F6-4E27-9DD8-EFEC98A7ACB4",
"versionEndExcluding": "13.0-83.27",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C2760-C923-4D70-B9BA-9905CBD7A72C",
"versionEndExcluding": "11.1-65.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC9E148-82D8-4032-9E30-3A40362FEF29",
"versionEndExcluding": "12.1-63.22",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA42F00-61CF-44DB-9C16-C3EDD3960548",
"versionEndExcluding": "13.0-83.27",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A unauthenticated denial of service vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) o AAA, podr\u00eda permitir a un atacante causar una interrupci\u00f3n temporal de la GUI de administraci\u00f3n, la API Nitro y la comunicaci\u00f3n RPC"
}
],
"id": "CVE-2021-22955",
"lastModified": "2024-11-21T05:51:00.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-07T14:15:08.890",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX330728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22927
Vulnerability from fkie_nvd - Published: 2021-08-05 21:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX319135 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319135 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92AEAC43-113D-456B-89C0-1872A67224AC",
"versionEndExcluding": "11.1-65.22",
"versionStartIncluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FC22F7-EA37-48D7-822D-B66EE2B25FE2",
"versionEndExcluding": "12.1-62.27",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1035921-397B-4E88-AF1A-DF581B75B4B2",
"versionEndExcluding": "13.0-82.45",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BEBCAD2-581F-4217-8425-46C03584E673",
"versionEndExcluding": "12.1-55.238",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB11BC1-0702-436F-BFE2-14B38B118D99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60729DF-EDC8-4462-ABD2-6E4199F22701",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06699186-E7E4-463C-8844-77B2A750B985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69709C-885A-4F19-899D-A7B5CE7066EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492323D2-339D-404C-BB9B-E09ABB87FA2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB83185D-DD6F-47CD-B500-499F9EF65093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4564E909-7F8E-40DF-B941-FFACC03B97B7",
"versionEndExcluding": "12.1-62.27",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5357D6-4995-4966-8B63-11E636AD58BC",
"versionEndExcluding": "13.0-82.45",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6",
"versionEndExcluding": "11.1-65.22",
"versionStartIncluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Citrix ADC y Citrix Gateway versi\u00f3n 13.0-82.45, cuando es configurado el proveedor de servicios SAML que podr\u00eda permitir a un atacante secuestrar una sesi\u00f3n"
}
],
"id": "CVE-2021-22927",
"lastModified": "2024-11-21T05:50:56.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:11.643",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX319135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22919
Vulnerability from fkie_nvd - Published: 2021-08-05 21:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX319135 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319135 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92AEAC43-113D-456B-89C0-1872A67224AC",
"versionEndExcluding": "11.1-65.22",
"versionStartIncluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FC22F7-EA37-48D7-822D-B66EE2B25FE2",
"versionEndExcluding": "12.1-62.27",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1035921-397B-4E88-AF1A-DF581B75B4B2",
"versionEndExcluding": "13.0-82.45",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BEBCAD2-581F-4217-8425-46C03584E673",
"versionEndExcluding": "12.1-55.238",
"versionStartIncluding": "12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB11BC1-0702-436F-BFE2-14B38B118D99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60729DF-EDC8-4462-ABD2-6E4199F22701",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06699186-E7E4-463C-8844-77B2A750B985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C69709C-885A-4F19-899D-A7B5CE7066EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492323D2-339D-404C-BB9B-E09ABB87FA2B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB83185D-DD6F-47CD-B500-499F9EF65093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4564E909-7F8E-40DF-B941-FFACC03B97B7",
"versionEndExcluding": "12.1-62.27",
"versionStartIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5357D6-4995-4966-8B63-11E636AD58BC",
"versionEndExcluding": "13.0-82.45",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6",
"versionEndExcluding": "11.1-65.22",
"versionStartIncluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B222CD-3235-4153-97B0-D8F6FF1FB7BE",
"versionEndExcluding": "10.2.9.b",
"versionStartIncluding": "10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22226FCE-A3D3-4FAB-909A-7922AAC3035A",
"versionEndExcluding": "11.2.3.b",
"versionStartIncluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A54438-E0DA-4134-87FE-D7BFE30A3BAA",
"versionEndExcluding": "11.3.2.a",
"versionStartIncluding": "11.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0A1FE7-9F5D-476E-A3E0-2B6260DE0366",
"versionEndExcluding": "11.4.0.a",
"versionStartIncluding": "11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38514675-1C15-460C-B34C-2633A8A36A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Citrix ADC (conocido anteriormente como NetScaler ADC) y Citrix Gateway (conocido anteriormente como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. Estas vulnerabilidades, si son explotadas, podr\u00edan conllevar a el consumo total del limitado espacio de disco disponible en los dispositivos"
}
],
"id": "CVE-2021-22919",
"lastModified": "2024-11-21T05:50:54.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:10.997",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX319135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-18177 (GCVE-0-2019-18177)
Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 17:18
VLAI?
Summary
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:18:42.535851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:18:48.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18177",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-14T17:18:48.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27518 (GCVE-0-2022-27518)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
Unauthenticated remote arbitrary code execution
Severity ?
9.8 (Critical)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
12.1
Affected: 13.0 Affected: 12.1 FIPs, NDcPP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX474995",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX474995"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27518",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-20T20:56:29.075511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-12-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27518"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:30.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27518"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-13T00:00:00+00:00",
"value": "CVE-2022-27518 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "12.1"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "12.1 FIPs, NDcPP"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote arbitrary code execution\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Unauthenticated remote arbitrary code execution\n"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664: Improper Control of a Resource Through its Lifetime ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:34:17.110Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX474995",
"url": "https://support.citrix.com/article/CTX474995"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated remote arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27518",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:30.190Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27516 (GCVE-0-2022-27516)
Vulnerability from cvelistv5 – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:37
VLAI?
Summary
User login brute force protection functionality bypass
Severity ?
5.3 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:36:54.388882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:37:07.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUser login brute force protection functionality bypass \u003c/span\u003e \u003c/span\u003e \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "User login brute force protection functionality bypass \n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "User login brute force protection functionality bypass "
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:32:37.759Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User login brute force protection functionality bypass ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27516",
"datePublished": "2022-11-08T21:26:12.642Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:37:07.980Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27510 (GCVE-0-2022-27510)
Vulnerability from cvelistv5 – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:37
VLAI?
Summary
Unauthorized access to Gateway user capabilities
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:37:28.774936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:37:47.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthorized access to Gateway user capabilities \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Unauthorized access to Gateway user capabilities \n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T16:48:59.139Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized access to Gateway user capabilities ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27510",
"datePublished": "2022-11-08T21:26:10.688Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:37:47.278Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27513 (GCVE-0-2022-27513)
Vulnerability from cvelistv5 – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:38
VLAI?
Summary
Remote desktop takeover via phishing
Severity ?
8.3 (High)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:38:05.874942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:38:16.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRemote desktop takeover via phishing \u003c/span\u003e \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Remote desktop takeover via phishing \n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote desktop takeover via phishing "
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:10:16.426Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote desktop takeover via phishing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27513",
"datePublished": "2022-11-08T21:26:08.238Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:38:16.814Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27509 (GCVE-0-2022-27509)
Vulnerability from cvelistv5 – Published: 2022-07-28 13:11 – Updated: 2024-09-16 18:43
VLAI?
Summary
Unauthenticated redirection to a malicious website
Severity ?
No CVSS data available.
CWE
- Unauthenticated redirection to a malicious website
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citirx | Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway |
Affected:
13.1 , < 24.38
(custom)
Affected: 13.0 , < 86.17 (custom) Affected: 12.1 , < 65.15 (custom) |
Credits
James Kettle
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"lessThan": "24.38",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "86.17",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "65.15",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Kettle"
}
],
"datePublic": "2022-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated redirection to a malicious website"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated redirection to a malicious website",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T13:11:43",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX457836"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated redirection to a malicious website",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@citrix.com",
"DATE_PUBLIC": "2022-07-26T22:20:00.000Z",
"ID": "CVE-2022-27509",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated redirection to a malicious website"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "13.1",
"version_value": "24.38"
},
{
"version_affected": "\u003c",
"version_name": "13.0",
"version_value": "86.17"
},
{
"version_affected": "\u003c",
"version_name": "12.1",
"version_value": "65.15"
}
]
}
}
]
},
"vendor_name": "Citirx"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Kettle"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated redirection to a malicious website"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated redirection to a malicious website"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX457836",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX457836"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27509",
"datePublished": "2022-07-28T13:11:43.072489Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-16T18:43:25.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22956 (GCVE-0-2021-22956)
Vulnerability from cvelistv5 – Published: 2021-12-07 13:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN |
Affected:
Citrix ADC 11.1,12.1,13.0,13.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway, Citrix SDWAN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC 11.1,12.1,13.0,13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T13:12:38",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN",
"version": {
"version_data": [
{
"version_value": "Citrix ADC 11.1,12.1,13.0,13.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX330728",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX330728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22956",
"datePublished": "2021-12-07T13:12:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22955 (GCVE-0-2021-22955)
Vulnerability from cvelistv5 – Published: 2021-12-07 13:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway |
Affected:
Citrix ADC 111.1, 2.1, 13.0,13.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC 111.1, 2.1, 13.0,13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A unauthenticated denial of service vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T13:12:33",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway",
"version": {
"version_data": [
{
"version_value": "Citrix ADC 111.1, 2.1, 13.0,13.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A unauthenticated denial of service vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX330728",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX330728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22955",
"datePublished": "2021-12-07T13:12:33",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22919 (GCVE-0-2021-22919)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:16 – Updated: 2024-08-03 18:58
VLAI?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
Severity ?
No CVSS data available.
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP |
Affected:
Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:16:46",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
"version": {
"version_data": [
{
"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX319135",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX319135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22919",
"datePublished": "2021-08-05T20:16:46",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22927 (GCVE-0-2021-22927)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:16 – Updated: 2024-08-03 18:58
VLAI?
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
Severity ?
No CVSS data available.
CWE
- CWE-384 - Session Fixation (CWE-384)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway |
Affected:
Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
Affected: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Affected: Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Affected: Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
},
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
},
{
"status": "affected",
"version": "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1"
},
{
"status": "affected",
"version": "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:16:42",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway",
"version": {
"version_data": [
{
"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
},
{
"version_value": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
},
{
"version_value": "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1"
},
{
"version_value": "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX319135",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX319135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22927",
"datePublished": "2021-08-05T20:16:42",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18177 (GCVE-0-2019-18177)
Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 17:18
VLAI?
Summary
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:18:42.535851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:18:48.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18177",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-14T17:18:48.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27518 (GCVE-0-2022-27518)
Vulnerability from nvd – Published: 2022-12-13 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
Unauthenticated remote arbitrary code execution
Severity ?
9.8 (Critical)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
12.1
Affected: 13.0 Affected: 12.1 FIPs, NDcPP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX474995",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX474995"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27518",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-20T20:56:29.075511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-12-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27518"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:30.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27518"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-13T00:00:00+00:00",
"value": "CVE-2022-27518 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "12.1"
},
{
"status": "affected",
"version": "13.0"
},
{
"status": "affected",
"version": "12.1 FIPs, NDcPP"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote arbitrary code execution\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Unauthenticated remote arbitrary code execution\n"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664: Improper Control of a Resource Through its Lifetime ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:34:17.110Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX474995",
"url": "https://support.citrix.com/article/CTX474995"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated remote arbitrary code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27518",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:30.190Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27516 (GCVE-0-2022-27516)
Vulnerability from nvd – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:37
VLAI?
Summary
User login brute force protection functionality bypass
Severity ?
5.3 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:36:54.388882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:37:07.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUser login brute force protection functionality bypass \u003c/span\u003e \u003c/span\u003e \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "User login brute force protection functionality bypass \n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "User login brute force protection functionality bypass "
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:32:37.759Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User login brute force protection functionality bypass ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27516",
"datePublished": "2022-11-08T21:26:12.642Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:37:07.980Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27510 (GCVE-0-2022-27510)
Vulnerability from nvd – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:37
VLAI?
Summary
Unauthorized access to Gateway user capabilities
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:37:28.774936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:37:47.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthorized access to Gateway user capabilities \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Unauthorized access to Gateway user capabilities \n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T16:48:59.139Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized access to Gateway user capabilities ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27510",
"datePublished": "2022-11-08T21:26:10.688Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:37:47.278Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27513 (GCVE-0-2022-27513)
Vulnerability from nvd – Published: 2022-11-08 21:26 – Updated: 2025-05-01 19:38
VLAI?
Summary
Remote desktop takeover via phishing
Severity ?
8.3 (High)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Gateway, Citrix ADC |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:38:05.874942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:38:16.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Gateway, Citrix ADC ",
"vendor": "Citrix",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2022-11-08T13:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRemote desktop takeover via phishing \u003c/span\u003e \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Remote desktop takeover via phishing \n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote desktop takeover via phishing "
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T17:10:16.426Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"name": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516",
"url": "https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote desktop takeover via phishing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27513",
"datePublished": "2022-11-08T21:26:08.238Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:38:16.814Z",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27509 (GCVE-0-2022-27509)
Vulnerability from nvd – Published: 2022-07-28 13:11 – Updated: 2024-09-16 18:43
VLAI?
Summary
Unauthenticated redirection to a malicious website
Severity ?
No CVSS data available.
CWE
- Unauthenticated redirection to a malicious website
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citirx | Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway |
Affected:
13.1 , < 24.38
(custom)
Affected: 13.0 , < 86.17 (custom) Affected: 12.1 , < 65.15 (custom) |
Credits
James Kettle
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX457836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
"vendor": "Citirx",
"versions": [
{
"lessThan": "24.38",
"status": "affected",
"version": "13.1",
"versionType": "custom"
},
{
"lessThan": "86.17",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "65.15",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Kettle"
}
],
"datePublic": "2022-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated redirection to a malicious website"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated redirection to a malicious website",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T13:11:43",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX457836"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated redirection to a malicious website",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@citrix.com",
"DATE_PUBLIC": "2022-07-26T22:20:00.000Z",
"ID": "CVE-2022-27509",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated redirection to a malicious website"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix Application Delivery Management (Citrix ADC) and Citrix Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "13.1",
"version_value": "24.38"
},
{
"version_affected": "\u003c",
"version_name": "13.0",
"version_value": "86.17"
},
{
"version_affected": "\u003c",
"version_name": "12.1",
"version_value": "65.15"
}
]
}
}
]
},
"vendor_name": "Citirx"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Kettle"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated redirection to a malicious website"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated redirection to a malicious website"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX457836",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX457836"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2022-27509",
"datePublished": "2022-07-28T13:11:43.072489Z",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-09-16T18:43:25.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22956 (GCVE-0-2021-22956)
Vulnerability from nvd – Published: 2021-12-07 13:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN |
Affected:
Citrix ADC 11.1,12.1,13.0,13.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway, Citrix SDWAN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC 11.1,12.1,13.0,13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T13:12:38",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway, Citrix SDWAN",
"version": {
"version_data": [
{
"version_value": "Citrix ADC 11.1,12.1,13.0,13.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An uncontrolled resource consumption vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX330728",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX330728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22956",
"datePublished": "2021-12-07T13:12:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22955 (GCVE-0-2021-22955)
Vulnerability from nvd – Published: 2021-12-07 13:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway |
Affected:
Citrix ADC 111.1, 2.1, 13.0,13.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC 111.1, 2.1, 13.0,13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A unauthenticated denial of service vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T13:12:33",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX330728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway",
"version": {
"version_data": [
{
"version_value": "Citrix ADC 111.1, 2.1, 13.0,13.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A unauthenticated denial of service vulnerability exists in Citrix ADC \u003c13.0-83.27, \u003c12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX330728",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX330728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22955",
"datePublished": "2021-12-07T13:12:33",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22919 (GCVE-0-2021-22919)
Vulnerability from nvd – Published: 2021-08-05 20:16 – Updated: 2024-08-03 18:58
VLAI?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
Severity ?
No CVSS data available.
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP |
Affected:
Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:16:46",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
"version": {
"version_data": [
{
"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX319135",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX319135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22919",
"datePublished": "2021-08-05T20:16:46",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22927 (GCVE-0-2021-22927)
Vulnerability from nvd – Published: 2021-08-05 20:16 – Updated: 2024-08-03 18:58
VLAI?
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
Severity ?
No CVSS data available.
CWE
- CWE-384 - Session Fixation (CWE-384)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ADC, Citrix Gateway |
Affected:
Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
Affected: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Affected: Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Affected: Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ADC, Citrix Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
},
{
"status": "affected",
"version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
},
{
"status": "affected",
"version": "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1"
},
{
"status": "affected",
"version": "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:16:42",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX319135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ADC, Citrix Gateway",
"version": {
"version_data": [
{
"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"
},
{
"version_value": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"
},
{
"version_value": "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1"
},
{
"version_value": "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX319135",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX319135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22927",
"datePublished": "2021-08-05T20:16:42",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}