CVE-2020-8211

CRITICAL

Citrix XenMobile <10.12 - SQL Injection

Title source: llm

Description

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.citrix.com/article/CTX277457

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 67.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89 CWE-77

Status published

Products (5)

citrix/xenmobile_server 10.9.0 (5 CPE variants)

citrix/xenmobile_server 10.10.0 (6 CPE variants)

citrix/xenmobile_server 10.11.0 (6 CPE variants)

citrix/xenmobile_server 10.12.0 (3 CPE variants)

citrix/xenmobile_server < 10.8.0

Published Aug 17, 2020

Tracked Since Feb 18, 2026