PT-2018-10033 · Citrix+1 · Citrix Xenmobile Server+1

Published

2018-05-23

Updated

2018-06-25

CVE-2018-10654

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Citrix XenMobile Server versions 10.7 before RP3 and 10.8 before RP2

Description The issue concerns a Java Deserialization Vulnerability in the Hazelcast Library used by Citrix XenMobile Server.

Recommendations For versions 10.7 before RP3, update to RP3 or later to resolve the issue. For versions 10.8 before RP2, update to RP2 or later to resolve the issue.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-10654

Affected Products

Citrix Xenmobile Server

Hazelcast Library

PT-2018-10033 · Citrix+1 · Citrix Xenmobile Server+1

CVE-2018-10654

Weakness Enumeration

Related Identifiers

Affected Products

References · 3