CVE-2021-22907
Published: 2021-05-27
Priority: P3 · 39 · high · CVSS 3.1: 7.8
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.24% (14.9th percentile)
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_workspace | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | workspace | < 19.12.4000 | 19.12.4000 |
| citrix | workspace | < 2105 | 2105 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
CVSS provenance
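| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |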
Citrix
CVE-2021-22907 [HIGH] CWE-284
vendor_citrix·2021-05-27·CVSS 7.8
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
Citrix
Citrix Workspace App Security Update
vendor_citrix·2021-05-11·CVSS 7.8
CVE-2021-22907 [HIGH] CWE-284
of Problem
A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows. The vulnerability has the following identifier:
| CVE ID | Description | Vulnerability Type | Pre-conditions |
|---|---|---|---|
| CVE-2021-22907 | Local privilege Escalation | CWE-284: Improper Access Control | Local user access to a system where Citrix Workspace App for Windows has been installed by an account with administrator privileges |
This vulnerability affects all supported versions of Citrix Workspace app for Windows but does not affect Citrix Workspace app on any other platforms. Citrix Workspace app downloaded from Windows Store is also not affected by this issue.
CVE References: CVE-2021-22907
Af
GHSA
GHSA-j68c-rj4v-fjjr
ghsa_unreviewed·2022-05-24
CVE-2021-22907 [HIGH] CWE-269
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-05-27
Published