cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-44519,https://securityvulnerability.io/vulnerability/CVE-2021-44519,Authenticated Directory Traversal Vulnerability in Citrix XenMobile Server,"Citrix XenMobile Server versions up to and including 10.12 RP9 have a vulnerability that allows authenticated users to exploit directory traversal, potentially leading to remote code execution. This can pose serious security risks, enabling unauthorized access to sensitive system files and manipulation of the server's operation. It's crucial for organizations using XenMobile to assess their systems and apply necessary patches to mitigate this risk.",Citrix,Xenmobile Server,8.8,HIGH,0.016459999606013298,false,,false,false,false,,,false,false,,2022-04-19T15:26:27.000Z,0
CVE-2021-44520,https://securityvulnerability.io/vulnerability/CVE-2021-44520,Authenticated Command Injection Vulnerability in Citrix XenMobile Server,"An Authenticated Command Injection vulnerability has been identified in Citrix XenMobile Server versions up to 10.12 RP9. This flaw allows an authenticated user to inject arbitrary commands, which can be executed with root privileges, potentially leading to unauthorized remote code execution. Organizations using these versions of XenMobile Server should take immediate action to mitigate the risks associated with this vulnerability.",Citrix,Xenmobile Server,8.8,HIGH,0.016019999980926514,false,,false,false,false,,,false,false,,2022-04-13T00:15:00.000Z,0
CVE-2022-26151,https://securityvulnerability.io/vulnerability/CVE-2022-26151,Command Injection Vulnerability in Citrix XenMobile Server,"Citrix XenMobile Server versions 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 are susceptible to a command injection vulnerability. This issue allows attackers to execute arbitrary commands on the server, potentially compromising the integrity and confidentiality of the system. Organizations using these versions should prioritize mitigation measures to safeguard their environments against unauthorized access and potential exploitation.",Citrix,Xenmobile Server,7.2,HIGH,0.020549999549984932,false,,false,false,false,,,false,false,,2022-04-13T00:15:00.000Z,0
CVE-2020-8253,https://securityvulnerability.io/vulnerability/CVE-2020-8253,Improper Authentication Vulnerability in Citrix XenMobile Server by Citrix,"Citrix XenMobile Server versions prior to 10.12 RP2, 10.11 RP4, 10.10 RP6, and 10.9 RP5 are susceptible to an improper authentication vulnerability that could potentially allow an attacker to gain unauthorized access to sensitive files on the server. This vulnerability highlights the importance of securing authentication mechanisms to protect against unauthorized data access.",Citrix,Citrix Xenmobile Server,7.5,HIGH,0.00215999991632998,false,,false,false,false,,,false,false,,2020-09-18T20:12:00.000Z,0
CVE-2020-8212,https://securityvulnerability.io/vulnerability/CVE-2020-8212,Improper Access Control in Citrix XenMobile Server: Citrix Vulnerability,"Citrix XenMobile Server versions prior to specific release points are susceptible to improper access control vulnerabilities. This flaw allows unauthorized users to gain access to privileged functionalities, potentially leading to unauthorized actions within the system. Organizations utilizing these affected versions may face significant security risks if not promptly addressed. For detailed information, consult the support resources provided by Citrix.",Citrix,Citrix Xenmobile Server,9.8,CRITICAL,0.00343999988399446,false,,false,false,false,,,false,false,,2020-08-17T15:40:35.000Z,0
CVE-2020-8211,https://securityvulnerability.io/vulnerability/CVE-2020-8211,SQL Injection Vulnerability in Citrix XenMobile Server,"Improper input validation in various versions of Citrix XenMobile Server allows attackers to exploit SQL Injection vulnerabilities, potentially leading to unauthorized access to sensitive information. This affects multiple releases, including 10.12 before RP3, 10.11 before RP6, and earlier versions. It is crucial for Citrix users to apply the necessary patches to mitigate the risk associated with this vulnerability.",Citrix,Citrix Xenmobile Server,9.8,CRITICAL,0.0017399999778717756,false,,false,false,false,,,false,false,,2020-08-17T15:40:20.000Z,0
CVE-2020-8210,https://securityvulnerability.io/vulnerability/CVE-2020-8210,Insufficient Secrets Protection in Citrix XenMobile Server by Citrix,"This vulnerability relates to inadequate protection mechanisms in Citrix XenMobile Server that could result in the exposure of service account credentials. Specifically, certain versions of the server failed to securely manage sensitive information, allowing unauthorized parties to potentially access critical credentials, which could lead to further exploitation within the network.",Citrix,Citrix Xenmobile Server,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-08-17T15:39:33.000Z,0
CVE-2020-8209,https://securityvulnerability.io/vulnerability/CVE-2020-8209,Improper Access Control in Citrix XenMobile Server Products,"The Citrix XenMobile Server products exhibit improper access control, allowing unauthorized users to read arbitrary files. This vulnerability affects multiple versions, including 10.12 before RP2 and earlier versions down to 10.9 before RP5. Administrators are advised to apply the latest patches to mitigate the risk of sensitive data exposure.",Citrix,Citrix Xenmobile Server,7.5,HIGH,0.9703400135040283,false,,false,false,true,2020-11-17T07:20:46.000Z,true,false,false,,2020-08-17T15:37:15.000Z,0
CVE-2020-8208,https://securityvulnerability.io/vulnerability/CVE-2020-8208,Cross-Site Scripting Vulnerability in Citrix XenMobile Server by Citrix,"Improper input validation in certain versions of Citrix XenMobile Server exposes the software to Cross-Site Scripting (XSS) attacks. Attackers may exploit this vulnerability to execute arbitrary scripts in a user's browser session, potentially leading to unauthorized access or the disclosure of sensitive information. It is advisable for users to update their systems to the latest versions where this issue has been addressed. For further details, refer to the support documentation provided by Citrix.",Citrix,Citrix Xenmobile Server,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-08-17T15:36:10.000Z,0
CVE-2018-18571,https://securityvulnerability.io/vulnerability/CVE-2018-18571,Incorrect Access Control Vulnerability in Citrix XenMobile Server,"An issue has been discovered in Citrix XenMobile Server, allowing attackers to impersonate any device enrolled for Mobile Application Management (MAM). This vulnerability arises from inadequate access controls, which could enable unauthorized actions on behalf of legitimate users. Affected versions include XenMobile Server 10.8.0 prior to Rolling Patch 6 and 10.9.0 before Rolling Patch 3. Addressing this issue is crucial for maintaining security and integrity within mobile management systems.",Citrix,Xenmobile Server,9.1,CRITICAL,0.00107999995816499,false,,false,false,false,,,false,false,,2019-06-05T14:53:57.000Z,0
CVE-2018-18014,https://securityvulnerability.io/vulnerability/CVE-2018-18014,,"* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is ""already mitigated by the internal firewall that limits access to configuration services to localhost.",Citrix,Xenmobile Server,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-10-24T21:00:00.000Z,0
CVE-2018-18013,https://securityvulnerability.io/vulnerability/CVE-2018-18013,,"* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is ""already mitigated by the internal firewall that limits access to configuration services to localhost.",Citrix,Xenmobile Server,7.8,HIGH,0.0088900001719594,false,,false,false,false,,,false,false,,2018-10-24T21:00:00.000Z,0
CVE-2018-10653,https://securityvulnerability.io/vulnerability/CVE-2018-10653,,There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,Citrix,Xenmobile Server,9.8,CRITICAL,0.02418999932706356,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10652,https://securityvulnerability.io/vulnerability/CVE-2018-10652,,There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.,Citrix,Xenmobile Server,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10648,https://securityvulnerability.io/vulnerability/CVE-2018-10648,,There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,Citrix,Xenmobile Server,9.8,CRITICAL,0.00215000007301569,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10651,https://securityvulnerability.io/vulnerability/CVE-2018-10651,,There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,Citrix,Xenmobile Server,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10649,https://securityvulnerability.io/vulnerability/CVE-2018-10649,,There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.,Citrix,Xenmobile Server,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10650,https://securityvulnerability.io/vulnerability/CVE-2018-10650,,There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,Citrix,Xenmobile Server,7.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2018-10654,https://securityvulnerability.io/vulnerability/CVE-2018-10654,,There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.,Citrix,Xenmobile Server,8.1,HIGH,0.001879999996162951,false,,false,false,false,,,false,false,,2018-05-23T17:00:00.000Z,0
CVE-2017-9231,https://securityvulnerability.io/vulnerability/CVE-2017-9231,,XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.,Citrix,Xenmobile Server,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2017-06-16T22:00:00.000Z,0
CVE-2016-6877,https://securityvulnerability.io/vulnerability/CVE-2016-6877,,"Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports ""our internal analysis of this issue concluded that this was not a valid vulnerability"" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session",Citrix,Xenmobile Server,5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2017-05-05T20:00:00.000Z,0
CVE-2016-2789,https://securityvulnerability.io/vulnerability/CVE-2016-2789,,"Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",Citrix,Xenmobile Server,6.1,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2016-04-07T23:59:00.000Z,0