Описание
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:citrix:xenmobile_server:10.8.0:-:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch1:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch2:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch3:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch4:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch5:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*
cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00335
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
EPSS
Процентиль: 56%
0.00335
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287