Citrix XenApp vulnerabilities
12 known vulnerabilities affecting citrix/xenapp.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 2
Vulnerabilities
CVE-2021-22928 | HIGH | CVSS 7.8 | v7.15 | 2021-08-05
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
nvd, citrix
CVE-2020-8283 | HIGH | CVSS 8.8 | CWE-269 | fixed in 7.6 | ≥ 7.7, < 7.15 | +2 more | 2020-12-14
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
nvd
CVE-2020-8269 | HIGH | CVSS 8.8 | CWE-269 | fixed in 7.6 | ≥ 7.7, < 7.15 | +2 more | 2020-11-16
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
nvd, citrix
CVE-2020-13998 | MEDIUM | CVSS 5.3 | CWE-203 | v6.5.0.0 | 2020-06-11
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
nvd, citrix
CVE-2012-4603 | HIGH | CVSS 7.8 | CWE-20 | 2020-01-10
CVE-2012-4603: Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.
citrix
CVE-2016-6493 | CRITICAL | CVSS 9.8 | CWE-254 | v6.0.0.0 | v6.5.0.0 | +6 more | 2016-08-19
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
nvd, citrix
CVE-2016-4810 | HIGH | CVSS 7.5 | CWE-284 | v7.5 | v7.6 | 2016-06-01
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
nvd, citrix
CVE-2012-5161 | CRITICAL | CVSS 9.3 | v6.5.0.0 | 2012-12-26
The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd, citrix
CVE-2010-2990 | CRITICAL | CVSS 9.3 | CWE-119 | 2010-08-11
CVE-2010-2990: Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remot
citrix
CVE-2010-2991 | CRITICAL | CVSS 9.3 | CWE-94 | 2010-08-11
CVE-2010-2991: The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
citrix
CVE-2009-3936 | MEDIUM | CVSS 5.8 | CWE-310 | 2009-11-13
CVE-2009-3936: Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate
citrix
CVE-2016-6276 | HIGH | CVSS 7.8
CVE-2016-6276 - Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA. The vulnerability affect
citrix