Skip to main content

Xenmobile Server

19 CVEs product

Monthly

CVE-2022-26151 HIGH This Week

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
7.2
EPSS
7.6%
CVE-2020-8253 HIGH PATCH This Week

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Authentication Bypass Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8212 CRITICAL PATCH Act Now

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8211 CRITICAL Act Now

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-8210 HIGH This Week

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8209 HIGH POC THREAT This Week

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
48.7%
CVE-2020-8208 MEDIUM This Month

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Xenmobile Server
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-18014 MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-18013 HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-10654 HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization Xenmobile Server
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-10653 CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-10652 HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10651 MEDIUM This Month

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Open Redirect Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10650 HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10649 MEDIUM This Month

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10648 CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-9231 HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-6877 MEDIUM This Month

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2016-2789 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 8% CVSS 7.2
HIGH This Week

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Xenmobile Server
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Authentication Bypass Xenmobile Server
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Command Injection Citrix +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 49% CVSS 7.5
HIGH POC THREAT This Week

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenmobile Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Xenmobile Server
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization RCE +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization +1
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Open Redirect Xenmobile Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS Xenmobile Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Xenmobile Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy