Improper input validation in Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions prior to 11.1.1a, 11.0.3d and 10.2.7 results in Stored Cross-Site Scripting (XSS).
Vulnerable Product |
---|
citrix application_delivery_controller_firmware |
citrix netscaler_gateway_firmware |
citrix gateway_firmware |
citrix sd-wan_wanop |

Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges
This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. The sweeps could be made by researchers documenting at-risk organizations, or could be miscreants looking for unpatched internet-facing gear to meddle with, or both. You probably don't want to find out the hard way, so apply fixes as soon as you can....

Eleven flaws cleaned up including one that may be exploited to sling malware downloads
Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. The bundle includes fixes for one code injection bug, three information disclosure flaws, three elevation of privilege bugs, two cross-site scripting vulnerabilities, one denial-of-service hole, and one authorization-bypass flaw. Affected gear includes the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bug...