cbcvebase.
CVE-2021-22907
published 2021-05-27

CVE-2021-22907: An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and…

PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.24%
14.9th percentile
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

Affected

6 ranges
VendorProductVersion rangeFixed in
citrixcitrix_workspace
citrixcitrix_workspace_app
citrixworkspace< 19.12.400019.12.4000
citrixworkspace< 21052105
citrixworkspace
citrixxenserver

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.