PT-2020-5827 · Citrix · Citrix Xenmobile Server

Published

2020-08-12

Updated

2020-08-20

CVE-2020-8210

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server versions 10.12 before RP3 Citrix XenMobile Server versions 10.11 before RP6 Citrix XenMobile Server version 10.10 RP6 Citrix XenMobile Server versions prior to 10.9 RP5

Description: The issue is related to insufficient protection of secrets, which discloses credentials of a service account. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations: For Citrix XenMobile Server version 10.12 before RP3, apply the RP3 patch to resolve the issue. For Citrix XenMobile Server version 10.11 before RP6, apply the RP6 patch to resolve the issue. For Citrix XenMobile Server version 10.10 RP6, upgrade to a version with the necessary security fixes. For Citrix XenMobile Server versions prior to 10.9 RP5, upgrade to version 10.9 RP5 or later to resolve the issue.

Fix

Information Disclosure

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-522

Related Identifiers

BDU:2021-01796

CVE-2020-8210

Affected Products

Citrix Xenmobile Server

PT-2020-5827 · Citrix · Citrix Xenmobile Server

CVE-2020-8210

Weakness Enumeration

Related Identifiers

Affected Products

References · 5