Citrix Xenmobile Server — known CVE vulnerabilities
Every CVE whose affected-product data names Citrix Xenmobile Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2020-8211 — CVSS 9.8 (critical): Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server…
CVE-2020-8212 — CVSS 9.8 (critical): Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server…
CVE-2018-10653 — CVSS 9.8 (critical): There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10648 — CVSS 9.8 (critical): There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-18571 — CVSS 9.1 (critical): An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before…
CVE-2021-44520 — CVSS 8.8 (high): In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution…
CVE-2021-44519 — CVSS 8.8 (high): In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
CVE-2018-10654 — CVSS 8.1 (high): There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-18013 — CVSS 7.8 (high): * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this…
CVE-2018-10650 — CVSS 7.8 (high): There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2020-8209 — CVSS 7.5 (high): Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server…
CVE-2020-8210 — CVSS 7.5 (high): Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile…
CVE-2020-8253 — CVSS 7.5 (high): Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server…
CVE-2017-9231 — CVSS 7.5 (high): XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive…
CVE-2022-26151 — CVSS 7.2 (high): Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
CVE-2016-2789 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3…
CVE-2018-10651 — CVSS 6.1 (medium): There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2020-8208 — CVSS 6.1 (medium): Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server…
CVE-2016-6877 — CVSS 5.3 (medium): Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP…
CVE-2018-18014 — CVSS 4.8 (medium): * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making…