Citrix ADC vulnerabilities
34 known vulnerabilities affecting citrix/citrix_adc.
Total CVEs: 34
CISA KEV: 6 (actively exploited)
Public exploits: 7
Exploited in wild: 8
Severity breakdown: CRITICAL 2, HIGH 16, MEDIUM 16
Vulnerabilities
Page 2 of 2
CVE-2020-8199 [HIGH] CVSS 7.8 | 2020-07-10
CVE-2020-8199: Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.
citrix
CVE-2020-8197 [HIGH] CVSS 8.8 | 2020-07-10
CVE-2020-8197: Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
citrix
CVE-2020-8190 [HIGH] CVSS 7.5 | CWE-281 | 2020-07-10
CVE-2020-8190: Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
citrix
CVE-2020-8187 [HIGH] CVSS 7.5 | CWE-20 | 2020-07-10
CVE-2020-8187: Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
citrix
CVE-2020-8191 [MEDIUM] CVSS 6.1 | CWE-79 | Exploited | PoC | 2020-07-10
CVE-2020-8191: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
citrix
CVE-2020-8198 [MEDIUM] CVSS 6.1 | CWE-79 | 2020-07-10
CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
citrix
CVE-2020-8194 [MEDIUM] CVSS 6.5 | CWE-94 | PoC | 2020-07-10
CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
citrix
CVE-2020-8193 [MEDIUM] CVSS 6.5 | CWE-284 | KEV | PoC | 2020-07-10
CVE-2020-8193: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CISA KEV: Citrix ADC, Citrix
citrix
CVE-2020-8195 [MEDIUM] CVSS 6.5 | CWE-20 | KEV | PoC | 2020-07-10
CVE-2020-8195: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CISA KEV: Citr
citrix
CVE-2020-8196 [MEDIUM] CVSS 4.3 | CWE-284 | KEV | PoC | 2020-07-10
CVE-2020-8196: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CISA KEV: Citri
citrix
CVE-2020-10111 [HIGH] CVSS 7.5 | CWE-444 | 2020-03-06
CVE-2020-10111: Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization
citrix
CVE-2020-10110 [MEDIUM] CVSS 5.3 | 2020-03-06
CVE-2020-10110: Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and
citrix
CVE-2020-10112 [MEDIUM] CVSS 5.4 | CWE-444 | 2020-03-06
CVE-2020-10112: Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that
citrix
CVE-2022-21827 [HIGH] CVSS 7.1 | CWE-284
Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827
CVE-2022-21827: Arbitrary corruption or deletion of files as SYSTEM
CWE: CWE-284: Improper Access Control
Pre-conditions: Local access to a machine that has the vulnerable plug-in installed
The following supported versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) are affected by this vulnerabili
citrix