CVE-2020-8274

MEDIUM

Citrix Secure Mail for Android <20.11.0 - Code Injection

Title source: llm
STIX 2.1

Description

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX286763

Scores

CVSS v3 6.5
EPSS 0.0104
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-94
Status published
Products (1)
citrix/secure_mail < 20.11.0
Published Jan 06, 2021
Tracked Since Feb 18, 2026