PT-2020-20019 · Citrix · Citrix Gateway+2
Published: 2020-07-10 · Updated: 2020-07-13
CVE-2020-8198
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Citrix ADC and Citrix Gateway versions prior to 13.0-58.30
Citrix ADC and Citrix Gateway versions prior to 12.1-57.18
Citrix ADC and Citrix Gateway versions prior to 12.0-63.21
Citrix ADC and Citrix Gateway versions prior to 11.1-64.14
Citrix ADC and Citrix Gateway versions prior to 10.5-70.18
Citrix SDWAN WAN-OP versions prior to 11.1.1a
Citrix SDWAN WAN-OP versions prior to 11.0.3d
Citrix SDWAN WAN-OP versions prior to 10.2.7
Description
The issue is caused by improper input validation, resulting in Stored Cross-Site Scripting (XSS). This allows attackers to inject malicious scripts into the application, potentially leading to unauthorized access or data theft.
Recommendations
For Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, update to version 13.0-58.30 or later.
For Citrix ADC and Citrix Gateway versions prior to 12.1-57.18, update to version 12.1-57.18 or later.
For Citrix ADC and Citrix Gateway versions prior to 12.0-63.21, update to version 12.0-63.21 or later.
For Citrix ADC and Citrix Gateway versions prior to 11.1-64.14, update to version 11.1-64.14 or later.
For Citrix ADC and Citrix Gateway versions prior to 10.5-70.18, update to version 10.5-70.18 or later.
For Citrix SDWAN WAN-OP versions prior to 11.1.1a, update to version 11.1.1a or later.
For Citrix SDWAN WAN-OP versions prior to 11.0.3d, update to version 11.0.3d or later.
For Citrix SDWAN WAN-OP versions prior to 10.2.7, update to version 10.2.7 or later.
Fix
XSS
Affected Products
Citrix ADC
Citrix Gateway
Citrix SD-WAN WANOP