Citrix Xenapp vulnerabilities

CVE-2021-22928 [HIGH] CWE-284 Citrix Virtual Apps and Desktops Security Update Citrix Virtual Apps and Desktops Security Update Vulnerability Type Pre-conditions CVE-2021-22928 Local privilege escalation on a Windows VDA CWE-284: Improper Access Control Authenticated access to a VDA with Citrix Profile Management or Citrix Profile Management WMI Plugin installed The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops and XenApp / XenDesktop: Citrix Virtual

CVE-2020-8269 [HIGH] CWE-269 Citrix Virtual Apps and Desktops Security Update Citrix Virtual Apps and Desktops Security Update of Problem Vulnerabilities have been identified in Citrix Virtual Apps and Desktops that could, if exploited, result in: An authenticated user of a multi-session Windows VDA, who has been granted permission to write to c:\ root directory, being able to escalate their privilege level on that VDA to SYSTEM An authenticated user of a Windows VDA with Citrix App-V service i

CVE-2022-27503 [MEDIUM] CWE-79 Citrix StoreFront Security Bulletin for CVE-2022-27503 Citrix StoreFront Security Bulletin for CVE-2022-27503 Type Pre-requisites CVE-2022-27503 Reflected Cross Site Scripting (XSS) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A victim user must have a current session on a StoreFront that has been configured to use SAML authentication The issue affects the following supported versions of Citrix StoreFront: Citrix Sto