⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2019-13608 — XML External Entity (XXE) Injection in Citrix Storefront Server

CWE-611 — XML External Entity (XXE) Injection7 documents6 sources

Severity

7.5HIGHNVD

EPSS

71.3%

top 1.28%

CISA KEV

KEVRansomware

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Citrix Storefront Server Citrix Storefront Citrix Netscaler Gateway +2 more

Timeline

PublishedAug 29

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDcitrix/storefront_server1811 — 1903+2

▶citrixcitrix/xenserver

▶citrixcitrix/storefront

▶citrixcitrix/citrix_storefront

▶citrixcitrix/netscaler_gateway

🔴Vulnerability Details

GHSA

GHSA-22h8-5mmq-pgx3: Citrix StoreFront Server before 1903, 7↗2022-05-24

▶

VulnCheck

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability↗2019

▶

💥Exploits & PoCs

Nuclei

Citrix StoreFront Server - XML External Entity

▶

📋Vendor Advisories

CISA

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability↗2021-11-03

▶

Citrix

CVE-2019-13608: Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.↗2019-08-29

▶

Citrix

CVE-2019-13608 - XML External Entity (XXE) Processing Vulnerability in Citrix StoreFront Server↗

▶