Incorrect Access Control Vulnerability in Citrix XenMobile Server
CVE-2018-18571

9.1CRITICAL

Key Information:

Vendor: Citrix
Status: Xenmobile Server
Vendor: CVE Published:; 5 June 2019

Summary

An issue has been discovered in Citrix XenMobile Server, allowing attackers to impersonate any device enrolled for Mobile Application Management (MAM). This vulnerability arises from inadequate access controls, which could enable unauthorized actions on behalf of legitimate users. Affected versions include XenMobile Server 10.8.0 prior to Rolling Patch 6 and 10.9.0 before Rolling Patch 3. Addressing this issue is crucial for maintaining security and integrity within mobile management systems.

References

http://www.securityfocus.com/bid/108081

vdb-entryx_refsource_BID

https://support.citrix.com/article/CTX247736

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 5, 2019
Vulnerability Reserved
Oct 22, 2018