Skip to main content

Xenmobile Server CVE-2017-9231

HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2017-06-16 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 16, 2017 - 22:29 cve.org
HIGH 7.5

DescriptionCVE.org

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.

AnalysisAI

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Affected products include: Citrix Xenmobile Server. Version information: before 10.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.

CVE-2018-10653 CRITICAL POC
9.8 May 23

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor

CVE-2018-18013 HIGH POC
7.8 Oct 24

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated i

CVE-2020-8209 HIGH POC
7.5 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe

CVE-2020-8212 CRITICAL
9.8 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix Xe

CVE-2020-8211 CRITICAL
9.8 Aug 17

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix

CVE-2018-10648 CRITICAL
9.8 May 23

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Ra

CVE-2018-18014 MEDIUM POC
4.8 Oct 24

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands

CVE-2018-10654 HIGH
8.1 May 23

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befo

CVE-2018-10650 HIGH
7.8 May 23

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. R

CVE-2020-8253 HIGH
7.5 Sep 18

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe

CVE-2020-8210 HIGH
7.5 Aug 17

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6

CVE-2018-10652 HIGH
7.5 May 23

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this

Share

CVE-2017-9231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy