CVE-2018-18571
published 2019-06-05CVE-2018-18571: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An…
PriorityP356critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
2.81%
84.8th percentile
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2018-18571: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch
vendor_citrix·2019-06-05·CVSS 9.1
CVE-2018-18571 [CRITICAL] CWE-287 CVE-2018-18571: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch
CVE-2018-18571: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Citrix
Citrix Security Bulletin CTX247736
vendor_citrix·CVSS 9.1
CVE-2018-18571 [CRITICAL] Citrix Security Bulletin CTX247736
Citrix Security Bulletin CTX247736
CVE References: CVE-2018-18571, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-7jjf-xpvq-grpr: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10
ghsa_unreviewed·2022-05-24
CVE-2018-18571 [CRITICAL] GHSA-7jjf-xpvq-grpr: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-05
Published