Citrix Xenmobile Server vulnerabilities
22 known vulnerabilities affecting citrix/xenmobile_server.
Total CVEs: 22
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 6
Vulnerabilities
Page 2 of 2
CVE-2016-6877 | P4 | MEDIUM | CVSS 5.3 | CWE-20 | ≤ 10.3.6.310 | 2017-05-05
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle att
nvd
CVE-2018-18014 | P4 | MEDIUM | CVSS 4.8 | CWE-287 | ≤ 10.8.0 | 2018-10-24
Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to config
nvd