Search criteria
42 vulnerabilities found for workspace by citrix
FKIE_CVE-2025-4879
Vulnerability from fkie_nvd - Published: 2025-06-17 14:15 - Updated: 2025-08-06 17:31
Severity ?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*",
"matchCriteriaId": "87EFF384-1928-4877-8D2C-A2D7178CD3FA",
"versionEndExcluding": "2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "47D16991-345F-4B5B-B2C4-13D9AE2A1370",
"versionEndExcluding": "2409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "54058497-4D16-4C1F-8A75-D4C5F8B11FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "8CB79352-9666-413E-AD98-268908ACAF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "DB40F284-689A-4649-9017-17239F0FF6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "F7A2207C-5660-420B-B06E-C5C37090FB95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
},
{
"lang": "es",
"value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"
}
],
"id": "CVE-2025-4879",
"lastModified": "2025-08-06T17:31:01.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2025-06-17T14:15:33.170",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-7890
Vulnerability from fkie_nvd - Published: 2024-09-11 23:15 - Updated: 2024-10-22 14:53
Severity ?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9F223A0E-ACB8-4448-9F53-BEAC3420D3CF",
"versionEndExcluding": "2203.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "B7B2DFE4-4965-46F8-A8E6-28E88EE1E8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "8C9D0ACE-55C4-4AB3-AC48-91AF823A8D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu4:*:*:ltsr:windows:*:*",
"matchCriteriaId": "0F12A663-578A-43D8-B141-31EC36BC72C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu5:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9AC216C0-F7A6-4B71-8F3E-76C6ACC71F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "D7906C9C-9414-42D0-84EF-6447C4E5980F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "2C6ABB6B-C406-42EC-B46A-E6FF478D7607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "54058497-4D16-4C1F-8A75-D4C5F8B11FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "E588BF02-9C6F-4D41-8AF4-2DFFB2B06CA4",
"versionEndExcluding": "2405",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"
},
{
"lang": "es",
"value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"
}
],
"id": "CVE-2024-7890",
"lastModified": "2024-10-22T14:53:32.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-09-11T23:15:10.133",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-7889
Vulnerability from fkie_nvd - Published: 2024-09-11 23:15 - Updated: 2024-10-22 14:50
Severity ?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9F223A0E-ACB8-4448-9F53-BEAC3420D3CF",
"versionEndExcluding": "2203.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "B7B2DFE4-4965-46F8-A8E6-28E88EE1E8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "8C9D0ACE-55C4-4AB3-AC48-91AF823A8D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu4:*:*:ltsr:windows:*:*",
"matchCriteriaId": "0F12A663-578A-43D8-B141-31EC36BC72C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu5:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9AC216C0-F7A6-4B71-8F3E-76C6ACC71F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "D7906C9C-9414-42D0-84EF-6447C4E5980F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6_hotfix2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "2C6ABB6B-C406-42EC-B46A-E6FF478D7607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2402:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "54058497-4D16-4C1F-8A75-D4C5F8B11FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "E588BF02-9C6F-4D41-8AF4-2DFFB2B06CA4",
"versionEndExcluding": "2405",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"
},
{
"lang": "es",
"value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"
}
],
"id": "CVE-2024-7889",
"lastModified": "2024-10-22T14:50:55.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-09-11T23:15:10.023",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-42423
Vulnerability from fkie_nvd - Published: 2024-09-10 15:15 - Updated: 2024-09-20 19:42
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:thinos:2402:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA47B8D-21C0-4AF5-B975-DE6DA9D73FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:thinos:2311:*:*:*:*:*:*:*",
"matchCriteriaId": "978B5780-26F5-46C8-BA60-66214E06AFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering."
},
{
"lang": "es",
"value": "La versi\u00f3n 23.9.0.24.4 de la aplicaci\u00f3n Citrix Workspace en Dell ThinOS 2311 contiene una vulnerabilidad de autorizaci\u00f3n incorrecta cuando Citrix CEB est\u00e1 habilitado para WebLogin. Un usuario local no autenticado con privilegios bajos podr\u00eda aprovechar esta vulnerabilidad para eludir los controles existentes y realizar acciones no autorizadas que conduzcan a la divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2024-42423",
"lastModified": "2024-09-20T19:42:20.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T15:15:17.013",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-6286
Vulnerability from fkie_nvd - Published: 2024-07-10 21:15 - Updated: 2025-07-25 16:26
Severity ?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
References
| URL | Tags | ||
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX678036 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX678036 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9F223A0E-ACB8-4448-9F53-BEAC3420D3CF",
"versionEndExcluding": "2203.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "08B93B34-C70C-452F-855E-92484E987ADD",
"versionEndExcluding": "2403.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "FEB0B74B-89A7-4194-8881-F35FEAE672BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "B7B2DFE4-4965-46F8-A8E6-28E88EE1E8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "8C9D0ACE-55C4-4AB3-AC48-91AF823A8D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu4:*:*:ltsr:windows:*:*",
"matchCriteriaId": "0F12A663-578A-43D8-B141-31EC36BC72C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu5:*:*:ltsr:windows:*:*",
"matchCriteriaId": "9AC216C0-F7A6-4B71-8F3E-76C6ACC71F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu6:*:*:ltsr:windows:*:*",
"matchCriteriaId": "272C4B0F-0409-456B-A6B3-8B822CD2E526",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
},
{
"lang": "es",
"value": "La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en la aplicaci\u00f3n Citrix Workspace para Windows"
}
],
"id": "CVE-2024-6286",
"lastModified": "2025-07-25T16:26:47.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-07-10T21:15:11.210",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678036"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-6149
Vulnerability from fkie_nvd - Published: 2024-07-10 21:15 - Updated: 2025-07-25 14:57
Severity ?
Summary
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
References
| URL | Tags | ||
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX678037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX678037 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*",
"matchCriteriaId": "D74AF5CA-6403-4E3A-B651-C1C28389C562",
"versionEndExcluding": "2404.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redirection of users to a vulnerable URL in\u00a0Citrix Workspace app for HTML5"
},
{
"lang": "es",
"value": "Redirecci\u00f3n de usuarios a una URL vulnerable en la aplicaci\u00f3n Citrix Workspace para HTML5"
}
],
"id": "CVE-2024-6149",
"lastModified": "2025-07-25T14:57:39.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-07-10T21:15:10.830",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-6148
Vulnerability from fkie_nvd - Published: 2024-07-10 21:15 - Updated: 2025-03-25 17:16
Severity ?
Summary
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
References
| URL | Tags | ||
|---|---|---|---|
| secure@citrix.com | https://support.citrix.com/article/CTX678037 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX678037 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*",
"matchCriteriaId": "D74AF5CA-6403-4E3A-B651-C1C28389C562",
"versionEndExcluding": "2404.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5"
},
{
"lang": "es",
"value": "Omitir los ajustes de configuraci\u00f3n de pol\u00edticas GACS en la aplicaci\u00f3n Citrix Workspace para HTML5"
}
],
"id": "CVE-2024-6148",
"lastModified": "2025-03-25T17:16:12.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-07-10T21:15:10.730",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-24486
Vulnerability from fkie_nvd - Published: 2023-07-10 21:15 - Updated: 2024-11-21 07:47
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "06F0DC7A-F8DA-4B3F-8A1B-DC11A4394348",
"versionEndExcluding": "2302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
}
],
"id": "CVE-2023-24486",
"lastModified": "2024-11-21T07:47:57.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-07-10T21:15:10.600",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-24485
Vulnerability from fkie_nvd - Published: 2023-02-16 18:15 - Updated: 2025-03-19 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "BF677539-1D84-4A05-A8AF-09723A3909D5",
"versionEndExcluding": "2212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "554F6592-C252-4B1D-ABEF-C4EE7EACF061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "3C032E97-4C37-4FE9-BD0E-3AC933489A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1-hf1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "AECFCE88-901F-4025-AF58-BC7A9207CF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "179CEA0E-92D8-41A8-A2E2-B6808A2CAA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "998E9AAF-E239-4861-8377-B62330FAB903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu4:*:*:ltsr:windows:*:*",
"matchCriteriaId": "37D106D3-119F-4194-8F16-C3317248A4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu5:*:*:ltsr:windows:*:*",
"matchCriteriaId": "3078BBCA-DC94-4B7A-8B74-C012DB4A98A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu6:*:*:ltsr:windows:*:*",
"matchCriteriaId": "D826A570-C5C3-4E67-BABE-E1999C2AB60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "FEB0B74B-89A7-4194-8881-F35FEAE672BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app."
}
],
"id": "CVE-2023-24485",
"lastModified": "2025-03-19T15:15:44.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-16T18:15:12.133",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-24484
Vulnerability from fkie_nvd - Published: 2023-02-16 18:15 - Updated: 2025-03-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*",
"matchCriteriaId": "BF677539-1D84-4A05-A8AF-09723A3909D5",
"versionEndExcluding": "2212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "554F6592-C252-4B1D-ABEF-C4EE7EACF061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "3C032E97-4C37-4FE9-BD0E-3AC933489A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1-hf1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "AECFCE88-901F-4025-AF58-BC7A9207CF97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu2:*:*:ltsr:windows:*:*",
"matchCriteriaId": "179CEA0E-92D8-41A8-A2E2-B6808A2CAA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu3:*:*:ltsr:windows:*:*",
"matchCriteriaId": "998E9AAF-E239-4861-8377-B62330FAB903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu4:*:*:ltsr:windows:*:*",
"matchCriteriaId": "37D106D3-119F-4194-8F16-C3317248A4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu5:*:*:ltsr:windows:*:*",
"matchCriteriaId": "3078BBCA-DC94-4B7A-8B74-C012DB4A98A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:1912:cu6:*:*:ltsr:windows:*:*",
"matchCriteriaId": "D826A570-C5C3-4E67-BABE-E1999C2AB60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:-:*:*:ltsr:windows:*:*",
"matchCriteriaId": "FEB0B74B-89A7-4194-8881-F35FEAE672BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*",
"matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."
}
],
"id": "CVE-2023-24484",
"lastModified": "2025-03-18T20:15:18.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-16T18:15:11.900",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-4879 (GCVE-0-2025-4879)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:02 – Updated: 2025-06-18 03:56
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Workspace App for Windows |
Affected:
CR , < 2409
(patch)
Affected: 2402 LTSR , < CU2 Hotfix 1 (hotfix) Affected: 2402 LTSR , < CU3 Hotfix 1 (hotfix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:01.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2409",
"status": "affected",
"version": "CR",
"versionType": "patch"
},
{
"lessThan": "CU2 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
},
{
"lessThan": "CU3 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
}
]
}
],
"datePublic": "2025-06-17T13:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u0026nbsp;\u003c/span\u003e\u003c/b\u003eCitrix Workspace app for Windows\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:02:59.807Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-4879",
"datePublished": "2025-06-17T13:02:59.807Z",
"dateReserved": "2025-05-17T02:24:20.690Z",
"dateUpdated": "2025-06-18T03:56:01.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7890 (GCVE-0-2024-7890)
Vulnerability from cvelistv5 – Published: 2024-09-11 22:32 – Updated: 2024-09-13 17:30
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) 0 , < 2405
(patch)
Affected: Long Term Service Release (LTSR) 0 , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:28.595311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:30:03.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR) 0",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR) 0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:32:17.479Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7890",
"datePublished": "2024-09-11T22:32:17.479Z",
"dateReserved": "2024-08-16T16:50:37.055Z",
"dateUpdated": "2024-09-13T17:30:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7889 (GCVE-0-2024-7889)
Vulnerability from cvelistv5 – Published: 2024-09-11 22:16 – Updated: 2024-09-13 17:29
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) , < 2405
(patch)
Affected: Long Term Service Release (LTSR) , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:27.338267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:29:12.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR)",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR)",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges\u003c/span\u003e\u0026nbsp;in\u0026nbsp;Citrix Workspace app for Windows"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:16:41.209Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7889",
"datePublished": "2024-09-11T22:16:41.209Z",
"dateReserved": "2024-08-16T16:50:35.785Z",
"dateUpdated": "2024-09-13T17:29:12.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42423 (GCVE-0-2024-42423)
Vulnerability from cvelistv5 – Published: 2024-09-10 14:55 – Updated: 2024-09-10 19:09
VLAI?
Summary
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
Severity ?
6.1 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Wyse Proprietary OS (Modern ThinOS) |
Affected:
ThinOS 2311
Affected: ThinOS 2402 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:09:01.362938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:09:13.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wyse Proprietary OS (Modern ThinOS)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "ThinOS 2311"
},
{
"status": "affected",
"version": "ThinOS 2402"
}
]
}
],
"datePublic": "2024-06-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering."
}
],
"value": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:55:58.906Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-42423",
"datePublished": "2024-09-10T14:55:58.906Z",
"dateReserved": "2024-08-01T07:28:53.701Z",
"dateUpdated": "2024-09-10T19:09:13.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6149 (GCVE-0-2024-6149)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:42 – Updated: 2024-10-29 20:57
VLAI?
Summary
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:48:17.083768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:57:34.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eRedirection of users to a vulnerable URL\u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Redirection of users to a vulnerable URL in\u00a0Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:42:20.488Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6149",
"datePublished": "2024-07-10T20:42:20.488Z",
"dateReserved": "2024-06-18T21:14:33.106Z",
"dateUpdated": "2024-10-29T20:57:34.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6148 (GCVE-0-2024-6148)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:40 – Updated: 2025-03-25 16:40
VLAI?
Summary
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:56:38.688577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:40:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eBypass of GACS Policy Configuration settings\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:40:07.129Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6148",
"datePublished": "2024-07-10T20:40:07.129Z",
"dateReserved": "2024-06-18T21:14:31.903Z",
"dateUpdated": "2025-03-25T16:40:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6286 (GCVE-0-2024-6286)
Vulnerability from cvelistv5 – Published: 2024-07-10 20:25 – Updated: 2024-08-01 21:33
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
2403 , < 1
(patch)
Affected: 2402 LTSR , < 0 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:-:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2403.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:35.410636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T12:55:40.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2403",
"versionType": "patch"
},
{
"lessThan": "0",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for Windows\u003c/span\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:25:21.414Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6286",
"datePublished": "2024-07-10T20:25:21.414Z",
"dateReserved": "2024-06-24T15:14:48.157Z",
"dateUpdated": "2024-08-01T21:33:05.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24486 (GCVE-0-2023-24486)
Vulnerability from cvelistv5 – Published: 2023-07-10 20:36 – Updated: 2024-10-25 19:30
VLAI?
Summary
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Linux |
Affected:
0 , < 2302
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:29:49.526991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:30:30.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Citrix Workspace app for Linux",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2302",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
}
],
"value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:36:01.889Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24486",
"datePublished": "2023-07-10T20:36:01.889Z",
"dateReserved": "2023-01-24T15:49:52.578Z",
"dateUpdated": "2024-10-25T19:30:30.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24484 (GCVE-0-2023-24484)
Vulnerability from cvelistv5 – Published: 2023-02-16 00:00 – Updated: 2025-03-18 19:12
VLAI?
Summary
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace App for Windows |
Affected:
Citrix Workspace App versions , < 2212
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:12:48.075216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:12:52.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"changes": [
{
"at": "2203 LTSR before CU2 ",
"status": "unaffected"
},
{
"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ",
"status": "unaffected"
}
],
"lessThan": "2212",
"status": "affected",
"version": "Citrix Workspace App versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A malicious user can cause log files to be written to a directory that they do not have permission to write to.",
"workarounds": [
{
"lang": "en",
"value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24484",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-03-18T19:12:52.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24485 (GCVE-0-2023-24485)
Vulnerability from cvelistv5 – Published: 2023-02-16 00:00 – Updated: 2025-03-19 14:18
VLAI?
Summary
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace App for Windows |
Affected:
Citrix Workspace App versions , < 2212
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:18:25.931722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:18:32.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"changes": [
{
"at": "2203 LTSR before CU2 ",
"status": "unaffected"
},
{
"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ",
"status": "unaffected"
}
],
"lessThan": "2212",
"status": "affected",
"version": "Citrix Workspace App versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows",
"workarounds": [
{
"lang": "en",
"value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24485",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-03-19T14:18:32.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4879 (GCVE-0-2025-4879)
Vulnerability from nvd – Published: 2025-06-17 13:02 – Updated: 2025-06-18 03:56
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Workspace App for Windows |
Affected:
CR , < 2409
(patch)
Affected: 2402 LTSR , < CU2 Hotfix 1 (hotfix) Affected: 2402 LTSR , < CU3 Hotfix 1 (hotfix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T03:56:01.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2409",
"status": "affected",
"version": "CR",
"versionType": "patch"
},
{
"lessThan": "CU2 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
},
{
"lessThan": "CU3 Hotfix 1",
"status": "affected",
"version": "2402 LTSR",
"versionType": "hotfix"
}
]
}
],
"datePublic": "2025-06-17T13:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u0026nbsp;\u003c/span\u003e\u003c/b\u003eCitrix Workspace app for Windows\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:02:59.807Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2025-4879",
"datePublished": "2025-06-17T13:02:59.807Z",
"dateReserved": "2025-05-17T02:24:20.690Z",
"dateUpdated": "2025-06-18T03:56:01.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7890 (GCVE-0-2024-7890)
Vulnerability from nvd – Published: 2024-09-11 22:32 – Updated: 2024-09-13 17:30
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) 0 , < 2405
(patch)
Affected: Long Term Service Release (LTSR) 0 , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:28.595311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:30:03.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR) 0",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR) 0",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:32:17.479Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7890",
"datePublished": "2024-09-11T22:32:17.479Z",
"dateReserved": "2024-08-16T16:50:37.055Z",
"dateUpdated": "2024-09-13T17:30:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7889 (GCVE-0-2024-7889)
Vulnerability from nvd – Published: 2024-09-11 22:16 – Updated: 2024-09-13 17:29
VLAI?
Summary
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
Current Release (CR) , < 2405
(patch)
Affected: Long Term Service Release (LTSR) , < 2402 LTSR CU1 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace_app:*:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace_app",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402_cu1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T03:55:27.338267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:29:12.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2405",
"status": "affected",
"version": "Current Release (CR)",
"versionType": "patch"
},
{
"lessThan": "2402 LTSR CU1",
"status": "affected",
"version": "Long Term Service Release (LTSR)",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-09-10T22:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation allows a low-privileged user to gain SYSTEM privileges\u003c/span\u003e\u0026nbsp;in\u0026nbsp;Citrix Workspace app for Windows"
}
],
"value": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges\u00a0in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T22:16:41.209Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691485-citrix-workspace-app-for-windows-security-bulletin-cve20247889-and-cve20247890?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-7889",
"datePublished": "2024-09-11T22:16:41.209Z",
"dateReserved": "2024-08-16T16:50:35.785Z",
"dateUpdated": "2024-09-13T17:29:12.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42423 (GCVE-0-2024-42423)
Vulnerability from nvd – Published: 2024-09-10 14:55 – Updated: 2024-09-10 19:09
VLAI?
Summary
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
Severity ?
6.1 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Wyse Proprietary OS (Modern ThinOS) |
Affected:
ThinOS 2311
Affected: ThinOS 2402 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:09:01.362938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:09:13.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wyse Proprietary OS (Modern ThinOS)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "ThinOS 2311"
},
{
"status": "affected",
"version": "ThinOS 2402"
}
]
}
],
"datePublic": "2024-06-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering."
}
],
"value": "Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:55:58.906Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-42423",
"datePublished": "2024-09-10T14:55:58.906Z",
"dateReserved": "2024-08-01T07:28:53.701Z",
"dateUpdated": "2024-09-10T19:09:13.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6149 (GCVE-0-2024-6149)
Vulnerability from nvd – Published: 2024-07-10 20:42 – Updated: 2024-10-29 20:57
VLAI?
Summary
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:48:17.083768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:57:34.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eRedirection of users to a vulnerable URL\u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Redirection of users to a vulnerable URL in\u00a0Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:42:20.488Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6149",
"datePublished": "2024-07-10T20:42:20.488Z",
"dateReserved": "2024-06-18T21:14:33.106Z",
"dateUpdated": "2024-10-29T20:57:34.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6148 (GCVE-0-2024-6148)
Vulnerability from nvd – Published: 2024-07-10 20:40 – Updated: 2025-03-25 16:40
VLAI?
Summary
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for HTML5 |
Affected:
2404 , < 1
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:56:38.688577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:40:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:04.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for HTML5",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2404",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eBypass of GACS Policy Configuration settings\u003c/span\u003e\u003c/b\u003e in \u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for HTML5\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:40:07.129Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6148",
"datePublished": "2024-07-10T20:40:07.129Z",
"dateReserved": "2024-06-18T21:14:31.903Z",
"dateUpdated": "2025-03-25T16:40:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6286 (GCVE-0-2024-6286)
Vulnerability from nvd – Published: 2024-07-10 20:25 – Updated: 2024-08-01 21:33
VLAI?
Summary
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Windows |
Affected:
2403 , < 1
(patch)
Affected: 2402 LTSR , < 0 (patch) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:-:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2403.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:citrix:workspace:-:*:*:*:ltsr:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workspace",
"vendor": "citrix",
"versions": [
{
"lessThan": "2402",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:35.410636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T12:55:40.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX678036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Workspace app for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "1",
"status": "affected",
"version": "2403",
"versionType": "patch"
},
{
"lessThan": "0",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"datePublic": "2024-07-09T20:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eLocal Privilege escalation allows a low-privileged user to gain SYSTEM privileges \u003c/span\u003e\u003c/b\u003e in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eCitrix Workspace app for Windows\u003c/span\u003e"
}
],
"value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in\u00a0Citrix Workspace app for Windows"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:25:21.414Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX678036"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-6286",
"datePublished": "2024-07-10T20:25:21.414Z",
"dateReserved": "2024-06-24T15:14:48.157Z",
"dateUpdated": "2024-08-01T21:33:05.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24486 (GCVE-0-2023-24486)
Vulnerability from nvd – Published: 2023-07-10 20:36 – Updated: 2024-10-25 19:30
VLAI?
Summary
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace app for Linux |
Affected:
0 , < 2302
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T19:29:49.526991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:30:30.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Citrix Workspace app for Linux",
"vendor": "Citrix",
"versions": [
{
"lessThan": "2302",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
}
],
"value": "A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:36:01.889Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24486",
"datePublished": "2023-07-10T20:36:01.889Z",
"dateReserved": "2023-01-24T15:49:52.578Z",
"dateUpdated": "2024-10-25T19:30:30.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24484 (GCVE-0-2023-24484)
Vulnerability from nvd – Published: 2023-02-16 00:00 – Updated: 2025-03-18 19:12
VLAI?
Summary
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace App for Windows |
Affected:
Citrix Workspace App versions , < 2212
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:12:48.075216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:12:52.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"changes": [
{
"at": "2203 LTSR before CU2 ",
"status": "unaffected"
},
{
"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ",
"status": "unaffected"
}
],
"lessThan": "2212",
"status": "affected",
"version": "Citrix Workspace App versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A malicious user can cause log files to be written to a directory that they do not have permission to write to.",
"workarounds": [
{
"lang": "en",
"value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24484",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-03-18T19:12:52.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24485 (GCVE-0-2023-24485)
Vulnerability from nvd – Published: 2023-02-16 00:00 – Updated: 2025-03-19 14:18
VLAI?
Summary
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Workspace App for Windows |
Affected:
Citrix Workspace App versions , < 2212
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:18:25.931722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:18:32.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix Workspace App for Windows",
"vendor": "Citrix",
"versions": [
{
"changes": [
{
"at": "2203 LTSR before CU2 ",
"status": "unaffected"
},
{
"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ",
"status": "unaffected"
}
],
"lessThan": "2212",
"status": "affected",
"version": "Citrix Workspace App versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows",
"workarounds": [
{
"lang": "en",
"value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2023-24485",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-03-19T14:18:32.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}