Vulnerability Details CVE-2020-8274
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-8274
-
cpe:2.3:a:citrix:secure_mail:-