CVE-2020-8212

CRITICAL

Citrix XenMobile <10.12 - Privilege Escalation

Title source: llm

Description

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://support.citrix.com/article/CTX277457

Scores

CVSS v3 9.8

EPSS 0.0164

EPSS Percentile 73.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-749 CWE-863

Status published

Products (4)

citrix/xenmobile_server 10.10.0 (6 CPE variants)

citrix/xenmobile_server 10.11.0 (6 CPE variants)

citrix/xenmobile_server 10.12.0 (3 CPE variants)

citrix/xenmobile_server < 10.9.0

Published Aug 17, 2020

Tracked Since Feb 18, 2026