PT-2020-5829 · Citrix · Citrix Xenmobile Server
Published
2020-08-12
·
Updated
2020-08-20
·
CVE-2020-8212
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Citrix XenMobile Server versions 10.12 before RP3
Citrix XenMobile Server versions 10.11 before RP6
Citrix XenMobile Server version 10.10 RP6
Citrix XenMobile Server versions prior to 10.9 RP5
Description:
The issue is related to improper access control in the authorization mechanism of the Citrix XenMobile Server, which can allow a remote attacker to gain unauthorized access to protected information. This can enable access to privileged functionality.
Recommendations:
For Citrix XenMobile Server version 10.12 before RP3, update to a version that includes RP3 or later.
For Citrix XenMobile Server version 10.11 before RP6, update to a version that includes RP6 or later.
For Citrix XenMobile Server version 10.10 RP6, consider applying additional security measures as this version is still affected.
For Citrix XenMobile Server versions prior to 10.9 RP5, update to a version that includes RP5 or later.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Citrix Xenmobile Server