cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7890,https://securityvulnerability.io/vulnerability/CVE-2024-7890,Low-Privilege Escalation Threat Affects Citrix Workspace for Windows,"A local privilege escalation vulnerability exists in Citrix Workspace app for Windows, allowing low-privileged users to elevate their privileges to SYSTEM level. This issue could expose sensitive systems and data, offering attackers the ability to execute malicious actions as a privileged user. Organizations using affected versions should take immediate steps to apply security patches and mitigate potential risks associated with this vulnerability.",Citrix,Citrix Workspace App For Windows,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T22:32:17.479Z,0
CVE-2024-7889,https://securityvulnerability.io/vulnerability/CVE-2024-7889,Citrix Workspace app for Windows vulnerable to Local Privilege Escalation Attack,"A local privilege escalation vulnerability exists within the Citrix Workspace app for Windows, which could allow low-privileged users to elevate their privileges to that of a system user. This situation poses a significant risk to system integrity as unauthorized access could lead to potential exploitation of other security weaknesses within the operating environment. Proper patching and system checks are essential to mitigate these risks. Citrix has released guidance for users to address this vulnerability and reinforce security protocols.",Citrix,Citrix Workspace App For Windows,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T22:16:41.209Z,0
CVE-2024-6148,https://securityvulnerability.io/vulnerability/CVE-2024-6148,Citrix Workspace App Vulnerability Allows Bypass of GACS Policy Configuration Settings,"A vulnerability exists in Citrix Workspace app for HTML5 that enables an attacker to bypass GACS (Gateway Access Control Service) policy configuration settings. This flaw may allow unauthorized users to access sensitive resources. Proper management of GACS policies is critical to ensure that only authorized access to applications and data is maintained. Users of Citrix Workspace app are strongly advised to review their policy configurations and apply necessary updates to safeguard their systems. For detailed information regarding this vulnerability, refer to the official Citrix support article.",Citrix,Citrix Workspace App For Html5,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-07-10T20:40:07.129Z,0
CVE-2023-4966,https://securityvulnerability.io/vulnerability/CVE-2023-4966,Sensitive Information Disclosure in NetScaler ADC and NetScaler Gateway,"A vulnerability has been identified in Citrix NetScaler ADC and Gateway that allows for the potential disclosure of sensitive information. This issue arises when the products are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Attackers could exploit this vulnerability to gain unauthorized access to sensitive user data, which may lead to further exploitation of affected systems.",Citrix,"Netscaler Adc,Netscaler Gateway",7.5,HIGH,0.9563900232315063,true,2023-10-18T00:00:00.000Z,true,true,true,2023-10-18T00:00:00.000Z,true,false,false,,2023-10-10T14:15:00.000Z,0
CVE-2023-3467,https://securityvulnerability.io/vulnerability/CVE-2023-3467,Privilege Escalation Vulnerability in Citrix ADC and Citrix Gateway,"A privilege escalation vulnerability exists in Citrix ADC and Citrix Gateway, allowing an attacker to gain root administrator access (nsroot). This security flaw can be exploited to manipulate system settings and breach sensitive data, thereby amplifying the risks associated with unauthorized access. Immediate assessment and remediation are essential to safeguard affected systems.",Citrix,"Netscaler Adc,Netscaler Gateway",8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-07-19T19:15:00.000Z,0
CVE-2023-3466,https://securityvulnerability.io/vulnerability/CVE-2023-3466,Reflected Cross-Site Scripting Vulnerability in Citrix ADC and Citrix Gateway,"A reflected Cross-Site Scripting (XSS) vulnerability exists in Citrix ADC and Citrix Gateway, allowing an attacker to inject malicious scripts into web pages viewed by users. This flaw can be exploited to unsuspectingly execute arbitrary JavaScript code in a user's browser, potentially compromising user sessions, stealing sensitive information, or performing unauthorized actions. It is crucial for organizations using these products to apply the recommended mitigations to safeguard their applications against this vulnerability.",Citrix,"Netscaler Adc,Netscaler Gateway",8.3,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-07-19T19:15:00.000Z,0
CVE-2023-3519,https://securityvulnerability.io/vulnerability/CVE-2023-3519,Unauthenticated Remote Code Execution Vulnerability Affects Cisco Firepower Products,"A serious remote code execution vulnerability has been identified in Citrix ADC and Citrix Gateway products. Attackers can exploit this weakness without authentication, meaning they could potentially execute arbitrary code on the affected systems. This vulnerability affects multiple versions of the products, allowing unauthorized users to gain control and launch malicious activities. It is crucial for organizations utilizing Citrix technologies to apply relevant patches and evaluate their security posture to mitigate the risks posed by this vulnerability.",Citrix,"Netscaler Adc,Netscaler Gateway",9.8,CRITICAL,0.9635900259017944,true,2023-07-19T00:00:00.000Z,true,true,true,2023-07-19T00:00:00.000Z,true,false,false,,2023-07-19T18:15:00.000Z,0
CVE-2023-24492,https://securityvulnerability.io/vulnerability/CVE-2023-24492,Remote Code Execution Vulnerability in Citrix Secure Access Client for Ubuntu,"A serious vulnerability affects the Citrix Secure Access Client for Ubuntu, where an attacker could potentially execute arbitrary code on the victim's system. This exploitation could occur through an attacker-crafted link that, if opened by the user, leads to executing malicious commands after the user accepts prompts. This vulnerability underscores the importance of caution when interacting with unknown links and maintaining updated security protocols.",Citrix,Citrix Secure Access Client For Ubuntu,9.6,CRITICAL,0.003269999986514449,false,,false,false,false,,,false,false,,2023-07-11T22:15:00.000Z,0
CVE-2023-24491,https://securityvulnerability.io/vulnerability/CVE-2023-24491,Local Privilege Escalation Vulnerability in Citrix Secure Access Client for Windows,"A vulnerability in the Citrix Secure Access Client for Windows allows attackers to escalate local privileges from a Standard User Account to NT AUTHORITY\SYSTEM. This can potentially enable unauthorized access to sensitive system-level resources, posing a security risk for environments relying on this client.",Citrix,Citrix Secure Access Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-07-11T22:15:00.000Z,0
CVE-2023-24489,https://securityvulnerability.io/vulnerability/CVE-2023-24489,Remote Compromise in Customer-Managed ShareFile Storage Zones Controller by Citrix,"A significant vulnerability has been identified in the customer-managed ShareFile Storage Zones Controller by Citrix. This vulnerability enables an unauthenticated attacker to potentially gain unauthorized remote access and compromise the system, posing serious security risks for users relying on this storage solution. It is essential for organizations using this product to apply the necessary mitigations and stay informed about updates.",Citrix,Citrix Sharefile Storage Zones Controller,9.8,CRITICAL,0.9722499847412109,true,2023-08-16T00:00:00.000Z,true,false,true,2023-08-16T00:00:00.000Z,true,false,false,,2023-07-10T22:15:00.000Z,0
CVE-2023-24485,https://securityvulnerability.io/vulnerability/CVE-2023-24485,Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows,"A vulnerability exists in the Citrix Workspace App for Windows that allows a standard user to execute operations with elevated SYSTEM privileges. This could potentially lead to unauthorized access and manipulation of sensitive system settings and data, posing significant security risks. Users of this application should promptly apply available patches to mitigate the risks associated with this vulnerability.",Citrix,Citrix Workspace App for Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-16T00:00:00.000Z,0
CVE-2023-24483,https://securityvulnerability.io/vulnerability/CVE-2023-24483,Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA,"A vulnerability has been reported in Citrix Virtual Apps and Desktops that enables a local user to gain elevated privileges, potentially allowing them to execute arbitrary commands with system-level access (NT AUTHORITY\SYSTEM). This could lead to unauthorized activities within the system, posing a risk to data integrity and security. Organizations utilizing Citrix Virtual Apps and Desktops should apply patches immediately to mitigate this risk.",Citrix,Citrix Virtual Apps and Desktops,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-16T00:00:00.000Z,0
CVE-2022-27518,https://securityvulnerability.io/vulnerability/CVE-2022-27518,Unauthenticated remote arbitrary code execution,"Unauthenticated remote arbitrary code execution ",Citrix,"Citrix Gateway, Citrix Adc",9.8,CRITICAL,0.1903200000524521,true,2022-12-13T00:00:00.000Z,false,false,true,2022-12-13T00:00:00.000Z,true,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-27510,https://securityvulnerability.io/vulnerability/CVE-2022-27510,"Unauthorized access to Gateway user capabilities ","Unauthorized access to Gateway user capabilities ",Citrix,"Citrix Gateway, Citrix Adc",9.8,CRITICAL,0.0020200000144541264,false,,false,false,false,,,false,false,,2022-11-08T21:26:10.688Z,0
CVE-2022-27513,https://securityvulnerability.io/vulnerability/CVE-2022-27513,Remote desktop takeover via phishing,"Remote desktop takeover via phishing ",Citrix,"Citrix Gateway, Citrix Adc",8.3,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-11-08T21:26:08.238Z,0
CVE-2022-27511,https://securityvulnerability.io/vulnerability/CVE-2022-27511,"Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password","Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.",Citrix,Citrix Application Delivery Management (citrix Adm),8.1,HIGH,0.002739999908953905,false,,false,false,false,,,false,false,,2022-06-16T19:15:00.000Z,0
CVE-2022-21827,https://securityvulnerability.io/vulnerability/CVE-2022-21827,Improper Privilege Vulnerability in Citrix Gateway Plug-in for Windows,"An improper privilege vulnerability has been identified in the Citrix Gateway Plug-in for Windows prior to version 21.9.1.2, which could allow an attacker with local access to manipulate or delete files with SYSTEM-level privileges. This vulnerability poses significant risks to the integrity and security of systems using the affected software, enabling malicious actors to exploit their access for harmful activities.",Citrix,Citrix Gateway Windows Plugin,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-26T16:41:39.000Z,0
CVE-2021-44519,https://securityvulnerability.io/vulnerability/CVE-2021-44519,Authenticated Directory Traversal Vulnerability in Citrix XenMobile Server,"Citrix XenMobile Server versions up to and including 10.12 RP9 have a vulnerability that allows authenticated users to exploit directory traversal, potentially leading to remote code execution. This can pose serious security risks, enabling unauthorized access to sensitive system files and manipulation of the server's operation. It's crucial for organizations using XenMobile to assess their systems and apply necessary patches to mitigate this risk.",Citrix,Xenmobile Server,8.8,HIGH,0.016459999606013298,false,,false,false,false,,,false,false,,2022-04-19T15:26:27.000Z,0
CVE-2021-44520,https://securityvulnerability.io/vulnerability/CVE-2021-44520,Authenticated Command Injection Vulnerability in Citrix XenMobile Server,"An Authenticated Command Injection vulnerability has been identified in Citrix XenMobile Server versions up to 10.12 RP9. This flaw allows an authenticated user to inject arbitrary commands, which can be executed with root privileges, potentially leading to unauthorized remote code execution. Organizations using these versions of XenMobile Server should take immediate action to mitigate the risks associated with this vulnerability.",Citrix,Xenmobile Server,8.8,HIGH,0.016019999980926514,false,,false,false,false,,,false,false,,2022-04-13T00:15:00.000Z,0
CVE-2022-26151,https://securityvulnerability.io/vulnerability/CVE-2022-26151,Command Injection Vulnerability in Citrix XenMobile Server,"Citrix XenMobile Server versions 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 are susceptible to a command injection vulnerability. This issue allows attackers to execute arbitrary commands on the server, potentially compromising the integrity and confidentiality of the system. Organizations using these versions should prioritize mitigation measures to safeguard their environments against unauthorized access and potential exploitation.",Citrix,Xenmobile Server,7.2,HIGH,0.020549999549984932,false,,false,false,false,,,false,false,,2022-04-13T00:15:00.000Z,0
CVE-2022-21825,https://securityvulnerability.io/vulnerability/CVE-2022-21825,Improper Access Control Vulnerability in Citrix Workspace App for Linux,An improper access control vulnerability exists in the Citrix Workspace App for Linux that allows an attacker to escalate their privileges locally. This flaw affects versions 2012 through 2111 of the application when App Protection is installed. Exploiting this vulnerability could enable unauthorized users to gain elevated access to sensitive functions within the application.,Citrix,Citrix Workspace App For Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-09T22:05:54.000Z,0
CVE-2021-22956,https://securityvulnerability.io/vulnerability/CVE-2021-22956,Uncontrolled Resource Consumption in Citrix ADC by Citrix,"A vulnerability exists in Citrix ADC which allows an attacker to exploit the Management GUI, Nitro API, and RPC communication. If an attacker gains access to the management interface via the NSIP or SNIP, it can result in temporary disruption of services, impacting the overall functionality and management of the ADC. This vulnerability highlights the importance of secure access controls and monitoring for potential threats in network management systems.",Citrix,"Citrix Adc, Citrix Gateway, Citrix Sdwan",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-12-07T13:12:38.000Z,0
CVE-2021-22955,https://securityvulnerability.io/vulnerability/CVE-2021-22955,Denial of Service Vulnerability in Citrix ADC VPN and AAA Configuration,"An unauthenticated denial of service vulnerability in Citrix ADC can create significant disruptions when the product is configured as a VPN or AAA virtual server. Attackers can exploit this flaw to temporarily incapacitate key management interfaces, including the Management GUI and Nitro API, leading to an interruption in RPC communication. This can potentially hamper the usability and accessibility of the services provided by Citrix ADC, making it crucial for organizations to address this vulnerability promptly.",Citrix,"Citrix Adc, Citrix Gateway",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-12-07T13:12:33.000Z,0
CVE-2021-22941,https://securityvulnerability.io/vulnerability/CVE-2021-22941,Improper Access Control in Citrix ShareFile Storage Zones Controller,"Citrix ShareFile Storage Zones Controller versions prior to 5.11.20 are susceptible to an access control vulnerability, potentially allowing unauthorized attackers to compromise the system remotely. This issue may enable attackers to gain access to sensitive data stored within the storage zones controller, posing significant risks to data integrity and confidentiality.",Citrix,Citrix Sharefile Storage Zones Controller,9.8,CRITICAL,0.011859999969601631,true,2022-03-25T00:00:00.000Z,false,true,true,2021-10-12T14:52:38.000Z,true,false,false,,2021-09-23T12:44:31.000Z,0
CVE-2021-22932,https://securityvulnerability.io/vulnerability/CVE-2021-22932,Information Disclosure Vulnerability in Citrix ShareFile by Citrix,"An issue has been detected in the CTX269106 mitigation tool for the Citrix ShareFile storage zones controller, where the 'Enable Encryption' feature may inadvertently be disabled if previously selected. This affects users who have enabled encryption and subsequently run the mitigation tool without reactivating the setting. Users who either did not apply the mitigation tool or reactivated the encryption option after running it are not impacted. Proper attention to configuration settings is essential to maintain encryption and secure data.",Citrix,Citrix Sharefile Storage Zones Controller,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2021-08-16T18:38:51.000Z,0