CVE-2020-8200
Published 2020-09-18
Priority P3 · 40 · medium · CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.33% (67.5th percentile)
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_storefront | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | storefront | — | — |
| citrix | storefront_server | < 2006 | 2006 |
| citrix | storefront_server | >= 1912 < 1912.0.1000 | 1912.0.1000 |
| citrix | storefront_server | >= 3.0 < 3.0.8001 | 3.0.8001 |
| citrix | storefront_server | >= 3.12 < 3.12.5001 | 3.12.5001 |
| citrix | xenserver | — | — |
CVSS provenance
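| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |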
Citrix
vendor_citrix · 2020-09-18 · CVSS 6.5
CVE-2020-8200 [MEDIUM] CWE-287: Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Citrix
Citrix StoreFront Security Update - Security Bulletin
vendor_citrix · 2020-09-10 · CVSS 6.5
CVE-2020-8200 [MEDIUM]
A high severity issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. This issue has the following identifier: CVE-2020-8200
The issue affects the following supported Current Release (CR) versions of Citrix StoreFront:
- Citrix StoreFront before 2006
The issue affects the following supported Long Term Service Release (LTSR) versions of Citrix StoreFront:
- Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
- Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
- Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)
Note that Citrix StoreFront is
GHSA
GHSA-w42q-r5v6-qw8j: Improper authentication in Citrix StoreFront Server < 1912
ghsa_unreviewed·2022-05-24
CVE-2020-8200 [MEDIUM]
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-09-18