Citrix ADC vulnerabilities

34 known vulnerabilities affecting citrix/citrix_adc.

Total CVEs: 34
CISA KEV: 6 (actively exploited)
Public exploits: 7
Exploited in wild: 8
Severity breakdown: CRITICAL 2, HIGH 16, MEDIUM 16

Vulnerabilities

Page 1 of 2
CVE-2024-8534 | HIGH | CVSS 8.4 | 2024-11-14
CVE-2024-8534 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535 of Problem Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. CVE References: CVE-2024-8534, CVE-2024-8535. Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler
citrix
CVE-2024-5491 | HIGH | CVSS 7.2 | 2024-07-09
CVE-2024-5491 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492 of Problem Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer to below for further details: CVE References: CVE-2024-5491, CVE-2024-5492. Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetSca
citrix
CVE-2023-6548 | HIGH | CVSS 8.8 | KEV | 2024-01-16
CVE-2023-6548 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549. CVE-2023-6548: Authenticated (low privileged) remote code execution on Management Interface; pre-requisites: Access to NSIP, CLIP or SNIP with management interface access; CWE-94. CVE-2023-6549: Denial of Service and Out-Of-Bounds Memory Read; pre-requisites: Appliance must be configured as a Gateway (VPN vi
citrix
CVE-2023-4966 | HIGH | CVSS 7.5 | KEV | PoC | 2023-10-17
CVE-2023-4966 [HIGH] CWE-119 NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967. CVE-2023-4966: Sensitive information disclosure; pre-requisites: Application must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server; CWE-119. CVE-2023-4967: Denial of service; pre-requisites: Appliance must be configured as a Gateway (VPN virtual server, ICA Prox
citrix
CVE-2023-3466 | MEDIUM | CVSS 6.1 | 2023-07-18
CVE-2023-3466 [MEDIUM] CWE-20 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. CVE-2023-3466 (Citrix ADC, Citrix Gateway): Reflected Cross-Site Scripting (XSS); pre-requisites: Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP; CWE-20. CVE-2023-3467 (Citrix ADC, Citrix Gateway): Privileg
citrix
CVE-2023-24488 | MEDIUM | CVSS 6.1 | PoC | 2023-07-10
CVE-2023-24488 [MEDIUM] CWE-79 CVE-2023-24488: Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows an attacker to perform cross site scripting
citrix
CVE-2023-24487 | MEDIUM | CVSS 6.3 | 2023-07-10
CVE-2023-24487 [MEDIUM] CWE-253 CVE-2023-24487: Arbitrary file read in Citrix ADC and Citrix Gateway
citrix
CVE-2019-18177 | MEDIUM | CVSS 6.5 | 2022-12-26
CVE-2019-18177 [MEDIUM] CWE-200 CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
citrix
CVE-2022-27518 | CRITICAL | CVSS 9.8 | KEV | 2022-12-13
CVE-2022-27518 [CRITICAL] CWE-664 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518. CVE References: CVE-2022-27518. Affected Products: Citrix ADC, Citrix Gateway, XenServer. Severity: Critical
citrix
CVE-2022-27510 | CRITICAL | CVSS 9.8 | Exploited | 2022-11-10
CVE-2022-27510 [CRITICAL] CWE-288 Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516. CVE References: CVE-2022-27510, CVE-2022-27513, CVE-2022-27516. Affected Products: Citrix ADC, Citrix Gateway, XenServer. Severity: Critical
citrix
CVE-2021-22956 | HIGH | CVSS 7.5 | 2021-12-07
CVE-2021-22956 [HIGH] MaxClient on Httpd. CVE References: CVE-2021-22956. Affected Products: Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler Gateway, XenServer. Remediation: To address this issue, a setting, 'maxclientForHttpdInternalService', has been introduced in the following versions: Citrix ADC and Citrix Gateway 13.1-4.43 and later releases of 13.1; Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0; Citrix ADC and Citrix Gateway 12.1-63.22 and
citrix
CVE-2021-22955 | HIGH | CVSS 7.5 | 2021-12-07
CVE-2021-22955 [HIGH] CWE-400 CVE-2021-22955: An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server, which could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
citrix
CVE-2021-22919 | HIGH | CVSS 7.5 | 2021-08-05
CVE-2021-22919 [HIGH] CWE-770 CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited ava
citrix
CVE-2021-22927 | HIGH | CVSS 8.1 | 2021-08-05
CVE-2021-22927 [HIGH] CWE-384 CVE-2021-22927: A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
citrix
CVE-2021-22920 | MEDIUM | CVSS 6.5 | 2021-08-05
CVE-2021-22920 [MEDIUM] CWE-284 CVE-2021-22920: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing at
citrix
CVE-2020-8300 | MEDIUM | CVSS 6.5 | 2021-06-16
CVE-2020-8300 [MEDIUM] CWE-284 CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Ga
citrix
CVE-2020-8299 | MEDIUM | CVSS 6.5 | 2021-06-16
CVE-2020-8299 [MEDIUM] CWE-400 CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-ba
citrix
CVE-2020-8246 | HIGH | CVSS 7.5 | 2020-09-18
CVE-2020-8246 [HIGH] CWE-400 CVE-2020-8246: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, C
citrix
CVE-2020-8247 | HIGH | CVSS 8.8 | 2020-09-18
CVE-2020-8247 [HIGH] CWE-269 CVE-2020-8247: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, C
citrix
CVE-2020-8245 | MEDIUM | CVSS 6.1 | 2020-09-18
CVE-2020-8245 [MEDIUM] CWE-269 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabil
citrix