CVE-2022-26151
Published 2022-04-13
CVE-2022-26151: Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
Priority P351, high, 7.2 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 7.58% (93.8th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_endpoint_management | — | — |
| citrix | citrix_xenmobile | — | — |
| citrix | xenmobile | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenmobile_server | — | — |
| citrix | xenserver | — | — |
CVSS provenance
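| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |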
Citrix
CVE-2022-26151: Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
vendor_citrix·2022-04-13·CVSS 7.2
CVE-2022-26151 [HIGH] CWE-77 CVE-2022-26151: Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
Citrix
Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
vendor_citrix·CVSS 8.8
CVE-2021-44519 [HIGH] CWE-20 Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
| CVE | Description | CWE | Pre-conditions |
|---|---|---|---|
| CVE-2021-44519 | Unauthorized access to the underlying OS | CWE-284: Improper Access Control | A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These permissions can only be assigned by an admin user. |
| CVE-2021-44520 | Unauthorized root access to the underlying OS | CWE-284: Improper Access Control | Access to the underlying OS |
| CVE-2022-26151 | Unauthorized root access to the underlying OS | CWE-20: Improper Input Validation | Admin access to XenMobile Server CLI |

The issues affect the following supported versions of Citrix Endpoint Management (XenMobile Server)
CVE-2021-44519, CVE-2021-44520 - Medium sever
GHSA
GHSA-rgf2-86fc-62hw: Citrix XenMobile Server 10
ghsa_unreviewed·2022-04-14
CVE-2022-26151 [HIGH] CWE-20 GHSA-rgf2-86fc-62hw: Citrix XenMobile Server 10
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10.14 through RP4 allows Command Injection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-13