CVE-2022-27512 — Improper Control of a Resource Through its Lifetime in Citrix Application Delivery Management

CWE-664 — Improper Control of a Resource Through its Lifetime CWE-416 — Use After Free CWE-284 — Improper Access Control6 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.9%

top 24.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Management Citrix Application Delivery Management Citrix ADM +1 more

Timeline

PublishedJun 16

Latest updateJul 1

Description

Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDcitrix/application_delivery_management13.1 — 13.1-21.53+1

▶CVEListV5citrix/citrix_application_delivery_managementunspecified — 13.1-21.53+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/citrix_application_delivery_management

🔴Vulnerability Details

GHSA

GHSA-jgxv-3vwf-pphp: Temporary disruption of the ADM license service↗2022-06-17

▶

📋Vendor Advisories

Citrix

Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512↗2022-06-27

▶

Citrix

CVE-2022-27512: Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.↗2022-06-16

▶

🕵️Threat Intelligence

Tenable

Cybersecurity Snapshot: 6 Things That Matter Right Now↗2022-07-01

▶

Tenable

CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities↗2022-06-17

▶