PT-2024-1244 · Citrix · Citrix Virtual Apps/Desktops+1
Published: 2024-01-16 · Updated: 2024-04-13 · CVE-2023-6184
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Citrix Virtual Apps and Desktops (CVAD) versions prior to the fixed version
Citrix Session Recording versions prior to the fixed version
Description
The issue is insufficient control of dynamically managed resources in the Session Recording component of Citrix Virtual Apps and Desktops (CVAD), which can allow a remote attacker to execute arbitrary code. The vulnerability also involves a cross-site scripting (XSS) issue in Citrix Session Recording. Exploitation requires an authenticated user.
Recommendations
For Citrix Virtual Apps and Desktops (CVAD) versions prior to the fixed version, update to the latest version that includes the fix for this issue.
For Citrix Session Recording versions prior to the fixed version, update to the latest version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Session Recording component until a patch is available.
Avoid using the Session Recording feature in Citrix Virtual Apps and Desktops (CVAD) until the issue is resolved.
Fix
XSS
Related Identifiers
Affected Products
Citrix Session Recording
Citrix Virtual Apps/Desktops