CVE-2019-13608
HIGH KEV RANSOMWARE NUCLEICitrix StoreFront Server < 1903 - XML External Entity Injection
Title source: llmExploitation Summary
CVE-2019-13608 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. A Nuclei detection template is also available.
Description
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
Nuclei Templates (1)
Citrix StoreFront Server - XML External Entity
HIGHVERIFIEDby daffainfo
Shodan:
/Citrix/StoreWeb
FOFA:
/Citrix/StoreWeb
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX251988
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-13608
Scores
CVSS v3
7.5
EPSS
0.7167
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-01-26
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2019-5046
Ransomware Use
Confirmed
CWE
CWE-611
Status
published
Products (1)
citrix/storefront_server
1811 - 1903
Published
Aug 29, 2019
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026