CVE-2021-22907 — Improper Access Control in Citrix Workspace

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management4 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 68.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Workspace Citrix Workspace Citrix Workspace APP +1 more

Timeline

PublishedMay 27

Latest updateMay 24

Description

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDcitrix/workspace< 19.12.4000+1

▶citrixcitrix/workspace

▶citrixcitrix/citrix_workspace

▶citrixcitrix/citrix_workspace_app

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-j68c-rj4v-fjjr: An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 21↗2022-05-24

▶

📋Vendor Advisories

Citrix

CVE-2021-22907: An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 21↗2021-05-27

▶

Citrix

Citrix Workspace App Security Update↗2021-05-11

▶