> [Suggested description]
> In Citrix XenMobile Server 10.12 RP9 and before, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privilege.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Command Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Citrix
>
> ------------------------------------------
>
> [Affected Product Code Base]
> XenMobile 10.12
>
> ------------------------------------------
>
> [Affected Component]
> XenMobile Rest API
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Reference]
> https://docs.citrix.com/en-us/xenmobile/server/document-history.html
>
> ------------------------------------------
>
> [Discoverer]
> CHT Security/Tree