PT-2020-20054 · Citrix · Citrix Gateway+3

Published: 2020-09-18 · Updated: 2020-10-07 · CVE-2020-8245

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Citrix ADC and Citrix Gateway versions 13.0 through 13.0-64.34
Citrix ADC and NetScaler Gateway versions 12.1 through 12.1-58.14
Citrix ADC 12.1-FIPS versions 12.1 through 12.1-55.186
Citrix ADC and NetScaler Gateway version 12.0
Citrix ADC and NetScaler Gateway versions 11.1 through 11.1-65.11
Citrix SD-WAN WANOP versions 11.2 through 11.2.0
Citrix SD-WAN WANOP versions 11.1 through 11.1.1
Citrix SD-WAN WANOP versions 11.0 through 11.0.2
Citrix SD-WAN WANOP versions 10.2 through 10.2.6

Description

The issue is related to improper input validation on the affected products, which can lead to an HTML Injection attack against the SSL VPN web portal.

Recommendations

For Citrix ADC and Citrix Gateway versions 13.0 through 13.0-64.34, update to version 13.0-64.35 or later.
For Citrix ADC and NetScaler Gateway versions 12.1 through 12.1-58.14, update to version 12.1-58.15 or later.
For Citrix ADC 12.1-FIPS versions 12.1 through 12.1-55.186, update to version 12.1-55.187 or later.
For Citrix ADC and NetScaler Gateway version 12.0, consider upgrading to a newer version.
For Citrix ADC and NetScaler Gateway versions 11.1 through 11.1-65.11, update to version 11.1-65.12 or later.
For Citrix SD-WAN WANOP versions 11.2 through 11.2.0, update to version 11.2.1a or later.
For Citrix SD-WAN WANOP versions 11.1 through 11.1.1, update to version 11.1.2a or later.
For Citrix SD-WAN WANOP versions 11.0 through 11.0.2, update to version 11.0.3f or later.
For Citrix SD-WAN WANOP versions 10.2 through 10.2.6, update to version 10.2.7b or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-8245

Affected Products

Citrix ADC
Citrix Gateway
Citrix SD-WAN WANOP
NetScaler Gateway