CVE-2020-8198
published 2020-07-10CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN…
PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.97%
57.5th percentile
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 10.5 < 10.5-70.18 | 10.5-70.18 |
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-64.14 | 11.1-64.14 |
| citrix | application_delivery_controller_firmware | >= 12.0 < 12.0-63.21 | 12.0-63.21 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-57.18 | 12.1-57.18 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-58.30 | 13.0-58.30 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway_firmware | >= 13.0 < 13.0-58.30 | 13.0-58.30 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway_firmware | >= 10.5 < 10.5-70.18 | 10.5-70.18 |
| citrix | netscaler_gateway_firmware | >= 11.1 < 11.1-64.14 | 11.1-64.14 |
| citrix | netscaler_gateway_firmware | >= 12.0 < 12.0-63.21 | 12.0-63.21 |
| citrix | netscaler_gateway_firmware | >= 12.1 < 12.1-57.18 | 12.1-57.18 |
| citrix | sd-wan | — | — |
| citrix | sd-wan_wanop | >= 10.2 < 10.2.7 | 10.2.7 |
| citrix | sd-wan_wanop | >= 11.0 < 11.0.3d | 11.0.3d |
| citrix | sd-wan_wanop | >= 11.1 < 11.1.1a | 11.1.1a |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-86ff-94h8-c742: Improper input validation in Citrix ADC and Citrix Gateway versions before 13
ghsa_unreviewed·2022-05-24
CVE-2020-8198 [MEDIUM] GHSA-86ff-94h8-c742: Improper input validation in Citrix ADC and Citrix Gateway versions before 13
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
vendor_citrix·2020-08-17·CVSS 6.5
CVE-2019-18177 [MEDIUM] Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: Attacks that are limited to the management interface System compromise by an unauthenticated user on the management network. System compromise through Cross Site Scripting (XSS) on the management interface Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the c
Citrix
CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SD
vendor_citrix·2020-07-10·CVSS 6.1
CVE-2020-8198 [MEDIUM] CWE-79 CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SD
CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
No detection rules found.
No public exploits indexed.
2020-07-10
Published