Java Deserialization Vulnerability in Citrix XenMobile Server
CVE-2018-10654

8.1HIGH

Key Information:

Vendor
Citrix
Vendor
CVE Published:
23 May 2018

Summary

A vulnerability exists in the Hazelcast Library used by Citrix XenMobile Server, where improper handling of Java deserialization can lead to remote code execution. This affects versions 10.8 prior to release pack 2 and 10.7 prior to release pack 3. Implementing the recommended patches is crucial to safeguard the server from potential exploitation.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.