Skip to main content

Xenmobile Server CVE-2020-8253

HIGH
Improper Authentication (CWE-287)
2020-09-18 support@hackerone.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 18, 2020 - 21:15 nvd
HIGH 7.5

DescriptionNVD

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

AnalysisAI

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. Affected products include: Citrix Xenmobile Server. Version information: before 10.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2018-10653 CRITICAL POC
9.8 May 23

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor

CVE-2018-18013 HIGH POC
7.8 Oct 24

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated i

CVE-2020-8209 HIGH POC
7.5 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe

CVE-2020-8212 CRITICAL
9.8 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix Xe

CVE-2020-8211 CRITICAL
9.8 Aug 17

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix

CVE-2018-10648 CRITICAL
9.8 May 23

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Ra

CVE-2018-18014 MEDIUM POC
4.8 Oct 24

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands

CVE-2018-10654 HIGH
8.1 May 23

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befo

CVE-2018-10650 HIGH
7.8 May 23

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. R

CVE-2017-9231 HIGH
7.5 Jun 16

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obta

CVE-2020-8210 HIGH
7.5 Aug 17

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6

CVE-2018-10652 HIGH
7.5 May 23

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this

Share

CVE-2020-8253 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy