CVE-2017-9231

HIGH

Citrix XenMobile Server <10.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98995
Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX220138
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038704

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (8)
citrix/xenmobile_server 9.0
citrix/xenmobile_server 10.0
citrix/xenmobile_server 10.1
citrix/xenmobile_server 10.3
citrix/xenmobile_server 10.3.5
citrix/xenmobile_server 10.3.6
citrix/xenmobile_server 10.4
citrix/xenmobile_server 10.5
Published Jun 16, 2017
Tracked Since Feb 18, 2026