CVE-2020-8253

HIGH

Citrix XenMobile <10.12 - Info Disclosure

Title source: llm

Description

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX277457

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 51.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-287
Status published
Products (5)
citrix/xenmobile_server 10.9.0 (5 CPE variants)
citrix/xenmobile_server 10.10.0 (6 CPE variants)
citrix/xenmobile_server 10.11.0 (4 CPE variants)
citrix/xenmobile_server 10.12.0 (2 CPE variants)
citrix/xenmobile_server < 10.8.0
Published Sep 18, 2020
Tracked Since Feb 18, 2026