cvelistv5 - cve-2020-8211

CVE-2020-8211 (GCVE-0-2020-8211)

Vulnerability from cvelistv5 – Published: 2020-08-17 15:40 – Updated: 2024-08-04 09:56

Summary

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

Severity ?

No CVSS data available.

CWE

CWE-77 - Command Injection - Generic (CWE-77)

Assigner

hackerone

References

URL

Tags

https://support.citrix.com/article/CTX277457

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Citrix XenMobile Server	Affected: Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX277457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix XenMobile Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection - Generic (CWE-77)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T15:40:20",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX277457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix XenMobile Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection - Generic (CWE-77)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX277457",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX277457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8211",
    "datePublished": "2020-08-17T15:40:20",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:27.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.8.0\", \"matchCriteriaId\": \"7CA09036-632C-43B1-905D-9C0791741175\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A7F5AB-EBFF-4178-A453-E15DE705297E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"694A17F8-C261-4980-9599-0FD10FE28B29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA372FE3-5F64-4578-B7EF-D5858A09A2CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A620E08-F0EA-4132-8D2F-8D1DD284DD16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"90CBB0DC-9216-4224-B1C7-B852990FE2FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D13600BB-D45D-4EE0-BE08-C9AB9778E42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FCF41C7-62BC-4DF4-8A38-4E727E492CEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"65AD3824-ABE8-4FD2-B201-C11E7D11E938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E2CC054-2FC3-4C68-A3AB-411382CD1332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABD3BDF2-39B2-4C5C-A647-406142363632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"88FF116A-5E98-402D-901D-F4A91006722B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*\", \"matchCriteriaId\": \"734CD590-7B5E-4067-BDB1-A3780812B619\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"33335E33-AAE8-4DAB-85B7-6B376993EC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*\", \"matchCriteriaId\": \"50F4279F-C878-4684-9DA7-0C9FDE213D6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*\", \"matchCriteriaId\": \"954AD540-BAB0-4F96-B123-1E4D408CDB49\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.\"}, {\"lang\": \"es\", \"value\": \"Una comprobaci\\u00f3n de entrada inapropiada  en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite una inyecci\\u00f3n SQL.\"}]",
      "id": "CVE-2020-8211",
      "lastModified": "2024-11-21T05:38:30.750",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-17T16:15:13.483",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX277457\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX277457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8211\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-08-17T16:15:13.483\",\"lastModified\":\"2024-11-21T05:38:30.750\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.\"},{\"lang\":\"es\",\"value\":\"Una comprobaci\u00f3n de entrada inapropiada  en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite una inyecci\u00f3n SQL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.8.0\",\"matchCriteriaId\":\"7CA09036-632C-43B1-905D-9C0791741175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A7F5AB-EBFF-4178-A453-E15DE705297E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"694A17F8-C261-4980-9599-0FD10FE28B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA372FE3-5F64-4578-B7EF-D5858A09A2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A620E08-F0EA-4132-8D2F-8D1DD284DD16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"90CBB0DC-9216-4224-B1C7-B852990FE2FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13600BB-D45D-4EE0-BE08-C9AB9778E42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCF41C7-62BC-4DF4-8A38-4E727E492CEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AD3824-ABE8-4FD2-B201-C11E7D11E938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E2CC054-2FC3-4C68-A3AB-411382CD1332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD3BDF2-39B2-4C5C-A647-406142363632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"88FF116A-5E98-402D-901D-F4A91006722B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*\",\"matchCriteriaId\":\"734CD590-7B5E-4067-BDB1-A3780812B619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"33335E33-AAE8-4DAB-85B7-6B376993EC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F4279F-C878-4684-9DA7-0C9FDE213D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"954AD540-BAB0-4F96-B123-1E4D408CDB49\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX277457\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX277457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-8211

Vulnerability from fkie_nvd - Published: 2020-08-17 16:15 - Updated: 2024-11-21 05:38

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	support@hackerone.com	https://support.citrix.com/article/CTX277457	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX277457	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	xenmobile_server	*
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.9.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.10.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.11.0
citrix	xenmobile_server	10.12.0
citrix	xenmobile_server	10.12.0
citrix	xenmobile_server	10.12.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
              "versionEndIncluding": "10.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
              "matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "734CD590-7B5E-4067-BDB1-A3780812B619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*",
              "matchCriteriaId": "2ABFF915-CB4B-4AE9-87BE-C3FF6E846BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "954AD540-BAB0-4F96-B123-1E4D408CDB49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
    },
    {
      "lang": "es",
      "value": "Una comprobaci\u00f3n de entrada inapropiada  en Citrix XenMobile Server versiones 10.12 anteriores a RP3, Citrix XenMobile Server versiones 10.11 anteriores a RP6, Citrix XenMobile Server 10.10 RP6 y Citrix XenMobile Server versiones anteriores a 10.9 RP5, permite una inyecci\u00f3n SQL."
    }
  ],
  "id": "CVE-2020-8211",
  "lastModified": "2024-11-21T05:38:30.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-17T16:15:13.483",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX277457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-8211

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8211

Aliases

CVE-2020-8211

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8211",
    "description": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.",
    "id": "GSD-2020-8211"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8211"
      ],
      "details": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.",
      "id": "GSD-2020-8211",
      "modified": "2023-12-13T01:21:54.190022Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2020-8211",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix XenMobile Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Command Injection - Generic (CWE-77)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX277457",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX277457"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2020-8211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX277457",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX277457"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-20T16:20Z",
      "publishedDate": "2020-08-17T16:15Z"
    }
  }
}

CERTFR-2020-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Endpoint Management. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	XenMobile Server 10.10, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server versions antérieures à 10.9 RP5
Citrix	N/A	XenMobile Server 10.11, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server 10.12, si le correctif RP3 est appliqué, l'impact est moins sévère

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX277457 du 11 août 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "XenMobile Server 10.10, si le correctif RP6 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.9 RP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server 10.11, si le correctif RP6 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server 10.12, si le correctif RP3 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8208"
    },
    {
      "name": "CVE-2020-8210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8210"
    },
    {
      "name": "CVE-2020-8211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8211"
    },
    {
      "name": "CVE-2020-8209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8209"
    },
    {
      "name": "CVE-2020-8212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8212"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-492",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-08-11T00:00:00.000000"
    },
    {
      "description": "Correction ligne 10.9 RP5.",
      "revision_date": "2020-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Endpoint\nManagement. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Endpoint Management",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX277457 du 11 ao\u00fbt 2020",
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ]
}

CERTFR-2020-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Endpoint Management. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	XenMobile Server 10.10, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server versions antérieures à 10.9 RP5
Citrix	N/A	XenMobile Server 10.11, si le correctif RP6 est appliqué, l'impact est moins sévère
Citrix	N/A	XenMobile Server 10.12, si le correctif RP3 est appliqué, l'impact est moins sévère

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX277457 du 11 août 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "XenMobile Server 10.10, si le correctif RP6 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server versions ant\u00e9rieures \u00e0 10.9 RP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server 10.11, si le correctif RP6 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "XenMobile Server 10.12, si le correctif RP3 est appliqu\u00e9, l\u0027impact est moins s\u00e9v\u00e8re",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8208"
    },
    {
      "name": "CVE-2020-8210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8210"
    },
    {
      "name": "CVE-2020-8211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8211"
    },
    {
      "name": "CVE-2020-8209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8209"
    },
    {
      "name": "CVE-2020-8212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8212"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-492",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-08-11T00:00:00.000000"
    },
    {
      "description": "Correction ligne 10.9 RP5.",
      "revision_date": "2020-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Endpoint\nManagement. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Endpoint Management",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX277457 du 11 ao\u00fbt 2020",
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ]
}

CNVD-2020-49028

Vulnerability from cnvd - Published: 2020-08-28

Title

Citrix Systems XenMobile Server命令注入漏洞

Description

Citrix Systems XenMobile Server是美国思杰系统（Citrix Systems）公司的一套移动管理解决方案。该方案能够管理移动设备、制定移动策略和合规性规则、深入了解移动移动网络运行情况等。 Citrix Systems XenMobile Server存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Severity

高

Patch Name

Citrix Systems XenMobile Server命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.citrix.com/article/CTX277457

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8211

Impacted products

Name
['Citrix Systems XenMobile Server <10.12 RP3', 'Citrix Systems XenMobile Server <10.11 RP6', 'Citrix Systems XenMobile Server <10.10 RP6', 'Citrix Systems XenMobile Server <10.9 RP5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8211"
    }
  },
  "description": "Citrix Systems XenMobile Server\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u79fb\u52a8\u8bbe\u5907\u3001\u5236\u5b9a\u79fb\u52a8\u7b56\u7565\u548c\u5408\u89c4\u6027\u89c4\u5219\u3001\u6df1\u5165\u4e86\u89e3\u79fb\u52a8\u79fb\u52a8\u7f51\u7edc\u8fd0\u884c\u60c5\u51b5\u7b49\u3002\n\nCitrix Systems XenMobile Server\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.citrix.com/article/CTX277457",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-49028",
  "openTime": "2020-08-28",
  "patchDescription": "Citrix Systems XenMobile Server\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u79fb\u52a8\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u79fb\u52a8\u8bbe\u5907\u3001\u5236\u5b9a\u79fb\u52a8\u7b56\u7565\u548c\u5408\u89c4\u6027\u89c4\u5219\u3001\u6df1\u5165\u4e86\u89e3\u79fb\u52a8\u79fb\u52a8\u7f51\u7edc\u8fd0\u884c\u60c5\u51b5\u7b49\u3002\r\n\r\nCitrix Systems XenMobile Server\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix Systems XenMobile Server\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems XenMobile Server \u003c10.12 RP3",
      "Citrix Systems XenMobile Server \u003c10.11 RP6",
      "Citrix Systems XenMobile Server \u003c10.10 RP6",
      "Citrix Systems XenMobile Server \u003c10.9 RP5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8211",
  "serverity": "\u9ad8",
  "submitTime": "2020-08-14",
  "title": "Citrix Systems XenMobile Server\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-8CPM-585G-7JM9

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8211"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.",
  "id": "GHSA-8cpm-585g-7jm9",
  "modified": "2022-05-24T17:26:05Z",
  "published": "2022-05-24T17:26:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8211"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX277457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8211 (GCVE-0-2020-8211)

FKIE_CVE-2020-8211

GSD-2020-8211

CERTFR-2020-AVI-492

Solution

CERTFR-2020-AVI-492

Solution

CNVD-2020-49028

GHSA-8CPM-585G-7JM9

Tags

Sightings

Nomenclature