CVE-2021-22927

HIGH

Citrix ADC/Gateway <13.0-82.45 - Session Fixation

Title source: llm

Description

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

References (1)

[Vendor Advisory] https://support.citrix.com/article/CTX319135

Scores

CVSS v3 8.1

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE

CWE-384

Status published

Products (3)

citrix/application_delivery_controller_firmware 11.1 - 11.1-65.22

citrix/gateway 12.1 - 12.1-62.27

citrix/netscaler_gateway 11.1 - 11.1-65.22

Published Aug 05, 2021

Tracked Since Feb 18, 2026