Citrix NetScaler ADC Gateway vulnerabilities
73 known vulnerabilities affecting citrix/netscaler_adc_gateway.
Total CVEs: 73
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 19, HIGH 16, MEDIUM 38
Vulnerabilities
Page 2 of 4
CVE-2019-6485 | MEDIUM | CVSS 5.9 | 2019-02-22
[MEDIUM] CWE-327
CVE-2019-6485: Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.
citrix
CVE-2018-18517 | MEDIUM | CVSS 4.8 | 2018-10-24
[MEDIUM] CWE-79
CVE-2018-18517: Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
citrix
CVE-2018-17448 | CRITICAL | CVSS 9.8 | 2018-10-23
CVE-2018-17448: An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
citrix
CVE-2018-17445 | CRITICAL | CVSS 9.8 | 2018-10-23
[CRITICAL] CWE-77
CVE-2018-17445: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
citrix
CVE-2018-17446 | CRITICAL | CVSS 9.8 | 2018-10-23
[CRITICAL] CWE-89
CVE-2018-17446: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
citrix
CVE-2018-17447 | HIGH | CVSS 7.5 | 2018-10-23
[HIGH] CWE-532
CVE-2018-17447: An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
citrix
CVE-2018-17444 | HIGH | CVSS 7.5 | 2018-10-23
[HIGH] CWE-22
CVE-2018-17444: A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
citrix
CVE-2018-7218 | CRITICAL | CVSS 9.8 | 2018-05-17
CVE-2018-7218: The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.
citrix
CVE-2018-6811 | MEDIUM | CVSS 6.1 | 2018-03-06
[MEDIUM] CWE-79
CVE-2018-6811: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
citrix
CVE-2018-5314 | HIGH | CVSS 7.5 | 2018-03-01
[HIGH] CWE-287
CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edi
citrix
CVE-2018-6186 | HIGH | CVSS 8.8 | 2018-02-01
[HIGH] CWE-918
CVE-2018-6186: Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
citrix
CVE-2017-17549 | MEDIUM | CVSS 5.9 | 2017-12-13
[MEDIUM] CWE-200
CVE-2017-17549: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveragin
citrix
CVE-2017-17382 | MEDIUM | CVSS 5.9 | 2017-12-13
[MEDIUM] CWE-327
CVE-2017-17382: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding or
citrix
CVE-2017-14602 | HIGH | CVSS 7.2 | 2017-09-26
[HIGH] CWE-287
CVE-2017-14602: A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 befo
citrix
CVE-2015-3642 | MEDIUM | CVSS 5.9 | 2017-08-02
[LOW] CWE-200
CVE-2015-3642: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e be
citrix
CVE-2017-6316 | CRITICAL | CVSS 9.8 | KEV | PoC | 2017-07-20
CVE-2017-6316: Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CISA KEV: A vulnerability has be
citrix
CVE-2017-7219 | HIGH | CVSS 8.8 | 2017-04-13
[HIGH] CWE-119
CVE-2017-7219: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
citrix
CVE-2017-5933 | MEDIUM | CVSS 5.9 | 2017-02-08
[MEDIUM] CWE-200
CVE-2017-5933: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused
citrix
CVE-2016-9028 | HIGH | CVSS 8.8 | 2016-10-28
[HIGH] CWE-254
CVE-2016-9028: Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
citrix
CVE-2016-4945 | MEDIUM | CVSS 6.1 | 2016-06-01
[MEDIUM] CWE-79
CVE-2016-4945: Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
citrix