Insufficient Path Validation in Citrix XenMobile Server by Citrix
CVE-2018-10650

7.8HIGH

Key Information:

Vendor
Citrix
Vendor
CVE Published:
23 May 2018

Summary

Citrix XenMobile Server versions 10.8 prior to RP2 and 10.7 prior to RP3 exhibit an insufficient path validation vulnerability, which may allow unauthorized access to sensitive files or directories. This flaw could potentially be exploited to manipulate file paths, resulting in exposure to confidential information.

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.