Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10653 — XML External Entity (XXE) Injection in Citrix Xenmobile Server

CWE-611 — XML External Entity (XXE) Injection5 documents4 sources

Severity

9.8CRITICALNVD

EPSS

11.5%

top 6.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Citrix Xenmobile Server Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedMay 23

Latest updateMay 13

Description

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDcitrix/xenmobile_server10.7, 10.8+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-5mvv-g3g9-g2pc: There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Citrix XenMobile Server 10.8 - XML External Entity Injection↗2020-01-22

▶

📋Vendor Advisories

Citrix

CVE-2018-10653: There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.↗2018-05-23

▶

Citrix

Citrix Security Bulletin CTX234879↗

▶