CVE-2009-3936 — Citrix Online Plug-in FOR MAC vulnerability

CWE-3104 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.3%

top 43.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Online Plug-in FOR MAC Citrix Online Plug-in FOR Windows Citrix Receiver FOR Iphone +9 more

Timeline

PublishedNov 13

Latest updateMay 2

Description

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages11 packages

▶NVDcitrix/online_plug-in10.0+2

▶NVDcitrix/receiver1.0

▶citrixcitrix/xenapp

▶citrixcitrix/xenserver

▶citrixcitrix/xendesktop

Patches

Patch: support.citrix.com ↗Patch: www.vupen.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j5r-cf8c-49vp: Unspecified vulnerability in Citrix Online Plug-in for Windows 11↗2022-05-02

▶

📋Vendor Advisories

Citrix

CVE-2009-3936: Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiv↗2009-11-13

▶

Citrix

Citrix Security Bulletin CTX123248↗

▶