CVE-2014-8495Citrix Xenmobile vulnerability

CWE-3104 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 40.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Citrix XenmobileCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedOct 31
Latest updateMay 17

Description

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

NVDcitrix/xenmobile9.0.3+5

Patches

Patch: support.citrix.comPatch: support.citrix.com

🔴Vulnerability Details

1
GHSA
GHSA-5hjc-f8rq-vrp6: Citrix XenMobile MDX Toolkit before 92022-05-17

📋Vendor Advisories

2
Citrix
CVE-2014-8495: Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows conte2014-10-31
Citrix
Citrix Security Bulletin CTX200260