Citrix Workspace App Security Update
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
User login brute force protection functionality bypass. Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. Citrix XenMobile Server An Improper Access Control vulnerability exists in Citrix Workspace App for Linux - with App Protection installed that can allow an attacker to perform local privilege escalation.
In Citrix XenMobile Server through An issue has been identified in the CTX mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled.
These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
Citrix Cloud Connector before 6. Such information could be used by a malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line.
The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Citrix Workspace App before on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
Citrix Workspace App before on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
NOTE: Citrix disputes this as not a vulnerability. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. NOTE: Citrix disputes the reported behavior as not a security issue. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response.
The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive. An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory.
Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5. An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.
Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. Citrix Secure Mail for Android before Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including Improper authentication in Citrix XenMobile Server
Citrix Workspace App: CVE security vulnerabilities, versions and detailed reports.
Mitigating Factors: This vulnerability only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges. It does not exist when a standard Windows user installed Citrix Workspace app for Windows. Users with automatic updates enabled will automatically be updated to a fixed version.
What Customers Should Do: The issue has been addressed in the following versions of Citrix Workspace app for Windows:
Citrix Workspace App and later
Citrix Workspace App LTSR CU4 and later cumulative updates
Citrix strongly recommends that customers upgrade to a fixed version as soon as possible or check if the version they are running has been automatically updated.
What Citrix Is Doing: Citrix is notifying customers and channel partners about this potential security issue.