Description
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX277457
Scores
CVSS v3
7.5
EPSS
0.0031
EPSS Percentile
54.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-200
Status
published
Products (5)
citrix/xenmobile_server
10.9.0 (5 CPE variants)
citrix/xenmobile_server
10.10.0 (6 CPE variants)
citrix/xenmobile_server
10.11.0 (6 CPE variants)
citrix/xenmobile_server
10.12.0 (3 CPE variants)
citrix/xenmobile_server
< 10.8.0
Published
Aug 17, 2020
Tracked Since
Feb 18, 2026