PT-2019-9606 · Citrix · Citrix XenMobile Server
Published: 2019-06-05 · Updated: 2019-09-11 · CVE-2018-18571
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Citrix XenMobile Server version 10.8.0 before Rolling Patch 6
Citrix XenMobile Server version 10.9.0 before Rolling Patch 3
Description
An Incorrect Access Control issue has been identified, allowing an attacker to impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Recommendations
For Citrix XenMobile Server version 10.8.0, apply Rolling Patch 6 to resolve the issue.
For Citrix XenMobile Server version 10.9.0, apply Rolling Patch 3 to resolve the issue.
Fix
Improper Authentication
Affected Products
Citrix XenMobile Server