CVE-2019-13608

7.5HIGH

Key Information

Vendor: Citrix
Status: Storefront Server
Vendor: CVE Published:; 29 August 2019

Badges

👾 Exploit Exists

Summary

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2019-13608 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Nov 3, 2021
Vulnerability published.
Aug 29, 2019
Vulnerability Reserved.
Jul 15, 2019

Collectors

NVD DatabaseMitre DatabaseCISA Database