CVE-2021-22927
published 2021-08-05

Priority: P3 39 high
CVSS 3.1: 8.1 (AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:N)
EPSS: 0.84% (53.2nd percentile)
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider; it could allow an attacker to hijack a session.
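The description names the bug class but not the mechanism. As an added illustration of session fixation in general (toy code written for this page, not Citrix code, and not a model of how CVE-2021-22927 behaves inside the appliance), the hypothetical `VulnerableSP` below adopts a client-supplied session id and keeps it after the SAML assertion is consumed, while `HardenedSP` ignores client-chosen ids and rotates the id on authentication. The `SessionStore`, the assertion dict and the attacker's planted cookie value are all constructed for the example.

```python
"""Toy model of session fixation at a SAML service provider (SP).

Added illustration of the bug class only: not Citrix code, and not a model of
the appliance's internals. Class and function names are invented for this example.
"""
import secrets


class SessionStore:
    """Server-side session table: session id -> session state."""

    def __init__(self):
        self.sessions = {}

    def new(self):
        sid = secrets.token_hex(16)          # server-generated, unguessable
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


class VulnerableSP:
    """Adopts a client-supplied session id and keeps it across authentication."""

    def __init__(self):
        self.store = SessionStore()

    def start_login(self, cookie_sid=None):
        # Bug 1: a session id presented by the client is accepted as-is, so an
        # attacker who plants a cookie in the victim's browser picks the id.
        if cookie_sid is not None:
            self.store.sessions.setdefault(cookie_sid, {"user": None})
            return cookie_sid
        return self.store.new()

    def consume_assertion(self, cookie_sid, assertion):
        # Bug 2: the pre-authentication id is promoted to an authenticated
        # session without rotation, so whoever knows it owns the login.
        self.store.get(cookie_sid)["user"] = assertion["subject"]
        return cookie_sid


class HardenedSP(VulnerableSP):
    """Never trusts a client-chosen id; rotates the id once the IdP assertion is consumed."""

    def start_login(self, cookie_sid=None):
        return self.store.new()               # ignore whatever the client sent

    def consume_assertion(self, cookie_sid, assertion):
        self.store.sessions.pop(cookie_sid, None)   # discard the pre-auth session
        new_sid = self.store.new()                  # fresh id after authentication
        self.store.sessions[new_sid]["user"] = assertion["subject"]
        return new_sid


def fixation_attempt(sp_cls):
    """Attacker plants a known id, victim logs in via SAML: does the planted id now carry the login?"""
    sp = sp_cls()
    planted = "a" * 32                         # attacker-chosen id placed in the victim's cookie jar
    victim_sid = sp.start_login(cookie_sid=planted)
    # Constructed stand-in for an already-validated SAML assertion; a real SP
    # verifies signature, audience, InResponseTo and timestamps before this point.
    post_auth_sid = sp.consume_assertion(victim_sid, {"subject": "alice"})
    hijacked = sp.store.get(planted)
    attacker_has_login = hijacked is not None and hijacked["user"] == "alice"
    return attacker_has_login, post_auth_sid


if __name__ == "__main__":
    print("vulnerable:", fixation_attempt(VulnerableSP))
    print("hardened:  ", fixation_attempt(HardenedSP))
```

Either of the two hardening steps breaks the attack on its own; doing both is the usual advice, because rotating at the assertion consumer service also covers ids that were legitimately issued but observed before login.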

Affected

15 ranges
Vendor | Product                                  | Version range          | Fixed in
citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.22   | 11.1-65.22
citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-62.27   | 12.1-62.27
citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-55.238  | 12.1-55.238
citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-82.45   | 13.0-82.45
citrix | citrix_adc                               | -                      | -
citrix | citrix_application_delivery_controller   | -                      | -
citrix | citrix_gateway                           | -                      | -
citrix | citrix_sd-wan_wanop                      | -                      | -
citrix | gateway                                  | >= 12.1 < 12.1-62.27   | 12.1-62.27
citrix | gateway                                  | >= 13.0 < 13.0-82.45   | 13.0-82.45
citrix | netscaler_adc                            | -                      | -
citrix | netscaler_gateway                        | -                      | -
citrix | netscaler_gateway                        | >= 11.1 < 11.1-65.22   | 11.1-65.22
citrix | workspace                                | -                      | -
citrix | xenserver                                | -                      | -

Rows marked "-" carry no version range or fix information on this page.
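A practitioner triaging an estate wants to turn the table above into a check. The following is an added example (not cvebase or Citrix tooling) that parses Citrix build strings and tests them against the ranges listed for the products that have one. It assumes the "<release>-<build>" format such as "13.0-82.45", and it takes the table literally: the two overlapping 12.1 ranges mean a 12.1-55.x build at or above 55.238 still matches ">= 12.1 < 12.1-62.27", so the checker errs on the side of reporting it. Sample inputs in `main` are constructed.

```python
"""Check a Citrix ADC / Gateway build string against the affected ranges above.

Added example, not cvebase or Citrix tooling. Ranges are copied from the
Affected table; product keys are the names used there. The Citrix build format
"<release>-<build>" (e.g. "13.0-82.45") is an assumption of this example.
"""
import re
from typing import List, Tuple

# (product, range start inclusive, fixed-in build exclusive), from the table above.
AFFECTED_RANGES: List[Tuple[str, str, str]] = [
    ("application_delivery_controller_firmware", "11.1", "11.1-65.22"),
    ("application_delivery_controller_firmware", "12.1", "12.1-62.27"),
    ("application_delivery_controller_firmware", "12.1", "12.1-55.238"),
    ("application_delivery_controller_firmware", "13.0", "13.0-82.45"),
    ("gateway", "12.1", "12.1-62.27"),
    ("gateway", "13.0", "13.0-82.45"),
    ("netscaler_gateway", "11.1", "11.1-65.22"),
]

_VER = re.compile(r"^(\d+)\.(\d+)(?:-(\d+)\.(\d+))?$")


def parse_build(s: str) -> Tuple[int, int, int, int]:
    """'13.0-82.45' -> (13, 0, 82, 45); a bare release '13.0' -> (13, 0, 0, 0)."""
    m = _VER.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix build string: {s!r}")
    major, minor, build, patch = m.groups()
    return int(major), int(minor), int(build or 0), int(patch or 0)


def matching_ranges(product: str, build: str) -> List[Tuple[str, str]]:
    """Every (start, fixed_in) range for this product that contains the build."""
    v = parse_build(build)
    hits = []
    for prod, lo, fixed in AFFECTED_RANGES:
        if prod != product:
            continue
        # Tuple comparison orders (major, minor, build, patch) lexicographically,
        # which matches how the table's ">= lo < fixed" bounds are meant.
        if parse_build(lo) <= v < parse_build(fixed):
            hits.append((lo, fixed))
    return hits


def is_affected(product: str, build: str) -> bool:
    return bool(matching_ranges(product, build))


def assess(product: str, build: str) -> str:
    hits = matching_ranges(product, build)
    if not hits:
        return f"{product} {build}: not in any listed affected range"
    detail = ", ".join(f">= {lo} < {fx} (fixed in {fx})" for lo, fx in hits)
    return f"{product} {build}: AFFECTED via {detail}"


if __name__ == "__main__":
    # Constructed sample builds; not a list of real deployments.
    for p, b in [
        ("gateway", "13.0-82.45"),
        ("gateway", "13.0-76.29"),
        ("netscaler_gateway", "11.1-65.22"),
        ("application_delivery_controller_firmware", "12.1-55.240"),
    ]:
        print(assess(p, b))
```

A "not in any listed affected range" result only means the build is outside the ranges this page lists; products whose rows carry no range (citrix_adc, netscaler_adc, workspace, and so on) yield no match for any build, so treat that as "no data", not "fixed".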

CVSS provenance

Source | Version | Score      | Vector
nvd    | v3.1    | 8.1 HIGH   | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd    | v2.0    | 5.8 MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N