
CVE-2021-44520: gist.txt

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.


> [Suggested description]
> In Citrix XenMobile Server 10.12 RP9 and before, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privilege.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Command Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Citrix
>
> ------------------------------------------
>
> [Affected Product Code Base]
> XenMobile 10.12
>
> ------------------------------------------
>
> [Affected Component]
> XenMobile Rest API
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Reference]
> https://docs.citrix.com/en-us/xenmobile/server/document-history.html
>
> ------------------------------------------
>
> [Discoverer]
> CHT Security/Tree
