In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
References
Link | Resource |
---|---|
https://docs.citrix.com/en-us/xenmobile/server/document-history.html | Vendor Advisory |
https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f | Third Party Advisory |
https://support.citrix.com/article/CTX370551 | Vendor Advisory |
https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Dec 2022, 22:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe - Third Party Advisory |
10 Jun 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Apr 2022, 17:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
CPE | cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_6:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.14.0:-:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_1:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.13.0:-:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_3:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_5:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_3:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.14.0:rolling_patch_2:*:*:*:*:*:* cpe:2.3:a:citrix:xenmobile_server:10.13.0:rolling_patch_4:*:*:*:*:*:* |
|
CWE | CWE-22 | |
First Time |
Citrix xenmobile Server
Citrix |
|
References | (MISC) https://support.citrix.com/article/CTX370551 - Vendor Advisory | |
References | (MISC) https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f - Third Party Advisory | |
References | (MISC) https://docs.citrix.com/en-us/xenmobile/server/document-history.html - Vendor Advisory |
19 Apr 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-19 16:17
Updated : 2023-12-10 14:22
NVD link : CVE-2021-44519
Mitre link : CVE-2021-44519
CVE.ORG link : CVE-2021-44519
JSON object : View
Products Affected
citrix
- xenmobile_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')