Workspace
Monthly
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A malicious user can cause log files to be written to a directory that they do not have permission to write to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated medium severity (CVSS 5.4). No vendor patch available.
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A malicious user can cause log files to be written to a directory that they do not have permission to write to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.