CVE-2018-10648Unrestricted File Upload in Citrix Xenmobile Server

CWE-434Unrestricted File Upload4 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Citrix Xenmobile ServerCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedMay 23
Latest updateMay 14

Description

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

NVDcitrix/xenmobile_server10.7, 10.8+1

🔴Vulnerability Details

1
GHSA
GHSA-fp27-jv32-6mpx: There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 102022-05-14

📋Vendor Advisories

2
Citrix
CVE-2018-10648: There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.2018-05-23
Citrix
Citrix Security Bulletin CTX234879