CVE-2020-8209

high-risk

Published 2020-08-17

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

Do I need to act?

!

93.0% chance of exploitation in next 30 days

EPSS score — higher than 7% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Xenmobile Server

Affected Vendors

Citrix

References (2)

Vendor Advisory https://support.citrix.com/article/CTX277457

Vendor Advisory https://support.citrix.com/article/CTX277457

65

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 19/34 · Moderate