Citrix: Security Vulnerabilities
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources
CVSS Score
8.1
EPSS Score
0.002
Published
2024-11-12
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled
CVSS Score
8.1
EPSS Score
0.004
Published
2024-11-12
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-12
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
CVSS Score
8.8
EPSS Score
0.536
Published
2024-11-12
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVSS Score
7.3
EPSS Score
0.0
Published
2024-09-11
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVSS Score
7.3
EPSS Score
0.0
Published
2024-09-11
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-10
Privilege escalation in uberAgent
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-12
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-10
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
CVSS Score
7.5
EPSS Score
0.005
Published
2024-07-10