CVE-2021-22927
Published: 2021-08-05
Priority: P3 | Severity: High | CVSS 3.1 base score: 8.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.84% (53.2nd percentile)
A session fixation vulnerability (CWE-384) exists in Citrix ADC and Citrix Gateway before 13.0-82.45 (and in the 11.1 and 12.1 branches before the fixed builds listed below) when the appliance is configured as a SAML service provider. It could allow an attacker to hijack an authenticated user's session.
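The page does not describe the mechanism of the Citrix flaw, so the following is an added, generic illustration of the CWE-384 pattern as it applies to a SAML service provider's assertion-consumer endpoint; it is not Citrix code and does not reproduce the ADC/Gateway bug. The session store, the two ACS variants and the constructed assertion dict (standing in for a validated `<saml:Assertion>`) are all hypothetical names chosen for this example.

```python
"""Toy SAML service-provider session handling, added to illustrate CWE-384.
Not Citrix code; the 'assertion' is a constructed dict, all names hypothetical."""
import secrets


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> {"user": principal or None}

    def new_session(self):
        """Issue an anonymous (pre-login) session, as an SP does on first visit."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def acs_vulnerable(store, sid, assertion):
    """Assertion consumer service that keeps whatever session id the browser
    presented and merely upgrades it to authenticated: the fixation pattern."""
    if sid not in store.sessions:
        sid = store.new_session()
    store.sessions[sid]["user"] = assertion["NameID"]
    return sid


def acs_fixed(store, sid, assertion):
    """Hardened ACS: the pre-authentication session is discarded and a fresh,
    server-generated id is bound to the authenticated principal, so an id
    known to a third party before login never becomes an authenticated one."""
    store.sessions.pop(sid, None)  # invalidate whatever the browser sent
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = assertion["NameID"]
    return new_sid


def run_attack(acs):
    """Play the textbook fixation scenario against one ACS implementation.
    Returns (principal bound to the attacker's planted id, whether the SP
    issued a new id at login)."""
    store = SessionStore()
    # 1. Attacker obtains a valid but anonymous session id from the SP.
    planted = store.new_session()
    # 2. Attacker gets that id into the victim's browser (cookie injection,
    #    a crafted link, etc.). The victim then logs in at the IdP and the
    #    browser posts the SAML response to the ACS carrying the planted id.
    assertion = {"NameID": "victim@example.com",  # constructed sample
                 "Issuer": "https://idp.example"}
    victim_sid = acs(store, planted, assertion)
    # 3. Attacker reuses the id they planted.
    return store.user_for(planted), victim_sid != planted


if __name__ == "__main__":
    print("vulnerable ACS:", run_attack(acs_vulnerable))
    print("fixed ACS:     ", run_attack(acs_fixed))
```

The check that matters when reviewing any SP is the one `acs_fixed` makes explicit: the id that existed before the assertion was consumed must not survive into the authenticated session, regardless of how the assertion itself was validated.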
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | >= 11.1 < 11.1-65.22 | 11.1-65.22 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-62.27 | 12.1-62.27 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-55.238 | 12.1-55.238 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-82.45 | 13.0-82.45 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway | >= 12.1 < 12.1-62.27 | 12.1-62.27 |
| citrix | gateway | >= 13.0 < 13.0-82.45 | 13.0-82.45 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 11.1 < 11.1-65.22 | 11.1-65.22 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
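To turn the fixed-in builds above into a quick "am I affected" check, the following added example (not Citrix tooling) parses a Citrix ADC/Gateway version string and compares it against the table. It assumes that versions are `release-build` strings such as `13.0-82.45` comparing as `(release, build)` tuples, that the two 12.1 fixed versions mean the `12.1-55.x` builds are a separate train with their own fix (`12.1-55.238`), and that the `NetScaler NS13.0: Build 82.45.nc` banner form is what `show ns version` prints on an appliance. Function names and the `assess` status strings are hypothetical.

```python
"""Version check for CVE-2021-22927 against the fixed-in builds on this page.
Added example, not Citrix tooling. Assumptions: versions are 'release-build'
strings (13.0-82.45); 12.1-55.x is its own build train fixed in 12.1-55.238;
the 'NetScaler NS13.0: Build 82.45.nc' banner is the `show ns version` form."""
import re

# release -> {leading build number of a distinct train, or None for the
#             default train: first fixed (build, sub-build)}
FIXED_BUILDS = {
    (11, 1): {None: (65, 22)},
    (12, 1): {None: (62, 27), 55: (55, 238)},   # 55.x train assumed separate
    (13, 0): {None: (82, 45)},
}

# Matches "13.0-82.45" and "NetScaler NS13.0: Build 82.45.nc, Date: ..."
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\D+(\d+)\.(\d+)")


def parse_version(text):
    """Return ((release_major, release_minor), (build, sub_build))."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Citrix version found in {text!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b), (c, d)


def is_affected(text):
    """True if the build precedes its fix, False if at/after the fix,
    None if the release is outside the page's table."""
    release, build = parse_version(text)
    fixes = FIXED_BUILDS.get(release)
    if fixes is None:
        return None
    fixed = fixes.get(build[0], fixes[None])
    return build < fixed


def assess(text, saml_sp_configured):
    """Combine the version state with the page's precondition: the flaw is
    only reachable when the appliance is configured as a SAML service provider."""
    state = is_affected(text)
    if state is None:
        return "unknown-release"
    if not state:
        return "fixed"
    return "vulnerable" if saml_sp_configured else "vulnerable-build-no-saml-sp"


if __name__ == "__main__":
    for banner in ("13.0-76.29", "12.1-55.190", "12.1-60.19",
                   "NetScaler NS11.1: Build 65.20.nc, Date: Jan 1 2021"):
        print(banner, "->", assess(banner, saml_sp_configured=True))
```

Note that a naive "less than the first 12.1 fix" comparison would mark `12.1-55.240` as affected even though it is past `12.1-55.238`; keying the fix on the build train avoids that. The `saml_sp_configured` flag is the page's own precondition and has to come from the appliance configuration, not from the version string.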
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| NVD | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Citrix
vendor_citrix · 2021-08-05 · CVSS 8.1 · CWE-384 (Session Fixation)
CVE-2021-22927: A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
Citrix
vendor_citrix · 2021-07-19 · CVSS 7.5 · CWE-284 (Improper Access Control)
CVE-2021-22919: Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
CVE References: CVE-2021-22919, CVE-2021-22920, CVE-2021-22927
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, Workspace, XenServer
Severity: High
This is the bundled Citrix advisory covering three CVEs; the 7.5 score and CWE-284 shown here belong to its lead entry, CVE-2021-22919, and the product list spans the whole bundle rather than CVE-2021-22927 alone.
GHSA
ghsa_unreviewed · 2022-05-24 · CWE-384 (Session Fixation)
GHSA-j95v-2qpj-v897 (CVE-2021-22927): A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.