CVE-2020-8211

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server versions 10.12 before RP3 Citrix XenMobile Server versions 10.11 before RP6 Citrix XenMobile Server version 10.10 RP6 Citrix XenMobile Server versions prior to 10.9 RP5

Description: The issue is related to improper input validation and lack of protection against SQL query structure exploitation. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with SQL Injection due to insufficient measures to protect against malicious SQL queries.

Recommendations: For Citrix XenMobile Server version 10.12 before RP3, update to a version that includes RP3 or later to resolve the issue. For Citrix XenMobile Server version 10.11 before RP6, update to a version that includes RP6 or later to resolve the issue. For Citrix XenMobile Server version 10.10 RP6, consider disabling SQL query functionality until a patch is available. For Citrix XenMobile Server versions prior to 10.9 RP5, update to a version that includes RP5 or later to resolve the issue.