CVE-2022-27505 — Cross-site Scripting in Citrix Sd-wan

CWE-79 — Cross-site Scripting CWE-798 — Hard-coded Credentials1 documents1 sources

Severity

6.1MEDIUM

No vector

EPSS

0.6%

top 30.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Sd-wan Citrix Sd-wan Citrix Xenserver

Timeline

Description

Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506 CWE CVE References: CVE-2022-27505, CVE-2022-27506 Affected Products: Citrix SD-WAN, SD-WAN, XenServer Severity: High Remediation: as soon as possible. This issue has been addressed in the following supported Citrix SD-WAN versions: Citrix SD-WAN Standard/Premium Edition Appliance versions 11.4.3a and above CVE-2022-27506: Citrix recommends that affected customers upgrade to a fixed version as their patching schedule allows…

Affected Packages3 packages

▶citrixcitrix/xenserver

▶citrixcitrix/sd-wan

▶citrixcitrix/citrix_sd-wan

📋Vendor Advisories

Citrix

Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506↗

▶