PT-2021-12715 · Citrix · Citrix Secure Mail

Published

2021-01-06

Updated

2021-01-12

CVE-2020-8274

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Citrix Secure Mail for Android versions prior to 20.11.0

Description: The issue allows unauthenticated access to read data stored within Secure Mail due to improper control of code generation, specifically 'Code Injection'. This can occur if a malicious app is installed on the Android device or if a threat actor executes arbitrary code on the device.

Recommendations: For versions prior to 20.11.0, update to version 20.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data within Secure Mail until the update can be applied.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-8274

Affected Products

Citrix Secure Mail

PT-2021-12715 · Citrix · Citrix Secure Mail

CVE-2020-8274

Weakness Enumeration

Related Identifiers

Affected Products

References · 5