Every CVE whose affected-product data names Citrix Metaframe, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2000-0244 — CVSS 10.0 (critical): The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
CVE-2007-2850 — CVSS 10.0 (critical): The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and…
CVE-2001-0908 — CVSS 7.5 (high): CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers…
CVE-2005-3134 — CVSS 7.5 (high): Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file…
CVE-2006-5821 — CVSS 7.5 (high): Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation…
CVE-2007-0444 — CVSS 7.2 (high): Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server…
CVE-2006-3779 — CVSS 6.5 (medium): Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which…
CVE-2001-0716 — CVSS 5.0 (medium): Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of…
CVE-2006-5861 — CVSS 5.0 (medium): The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0…
CVE-2003-1157 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web…