Insufficient Path Validation in Citrix XenMobile Server by Citrix
CVE-2018-10650
7.8HIGH
Summary
Citrix XenMobile Server versions 10.8 prior to RP2 and 10.7 prior to RP3 exhibit an insufficient path validation vulnerability, which may allow unauthorized access to sensitive files or directories. This flaw could potentially be exploited to manipulate file paths, resulting in exposure to confidential information.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved