Vulnerability Details CVE-2019-13608
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.294
EPSS Ranking 96.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Proposed Action
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
Ransomware Campaign
Known
References
Products affected by CVE-2019-13608
-
cpe:2.3:a:citrix:storefront_server:-
-
cpe:2.3:a:citrix:storefront_server:1811
-
cpe:2.3:a:citrix:storefront_server:3.0
-
cpe:2.3:a:citrix:storefront_server:3.0.8000
-
cpe:2.3:a:citrix:storefront_server:3.0.8001
-
cpe:2.3:a:citrix:storefront_server:3.11
-
cpe:2.3:a:citrix:storefront_server:3.12
-
cpe:2.3:a:citrix:storefront_server:3.12.4000
-
cpe:2.3:a:citrix:storefront_server:3.12.5001
-
cpe:2.3:a:citrix:storefront_server:3.13
-
cpe:2.3:a:citrix:storefront_server:3.14
-
cpe:2.3:a:citrix:storefront_server:3.15
-
cpe:2.3:a:citrix:storefront_server:3.16
-
cpe:2.3:a:citrix:storefront_server:3.5
-
cpe:2.3:a:citrix:storefront_server:3.6
-
cpe:2.3:a:citrix:storefront_server:3.7
-
cpe:2.3:a:citrix:storefront_server:3.8
-
cpe:2.3:a:citrix:storefront_server:3.9