PT-2020-5825 · Citrix · Citrix XenMobile Server

Author: Andrey Medov
Published: 2020-08-12
Updated: 2021-08-25
CVE: CVE-2020-8209
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server
- versions 10.12 before RP2
- versions 10.11 before RP4
- versions 10.10 before RP6
- versions prior to 10.9 RP5
Description: The issue is caused by improper access control in Citrix XenMobile Server, which can allow a remote attacker to gain unauthorized access to protected information. The server does not correctly restrict the directory path names it accepts for a directory with limited access. Exploiting this issue may allow the attacker to read arbitrary files.
Recommendations: Update to the rolling patch (RP) that resolves the issue for your version:
- Citrix XenMobile Server 10.12 before RP2: update to RP2 or later
- Citrix XenMobile Server 10.11 before RP4: update to RP4 or later
- Citrix XenMobile Server 10.10 before RP6: update to RP6 or later
- Citrix XenMobile Server versions prior to 10.9 RP5: update to 10.9 RP5 or later

Exploit · Fix · Path traversal


Weakness Enumeration

Related Identifiers: BDU:2021-01794, CVE-2020-8209

Affected Products: Citrix XenMobile Server