Code Injection Vulnerability in Citrix Secure Mail for Android
CVE-2020-8274

6.5MEDIUM

Key Information:

Vendor: Citrix
Status: Citrix Secure Mail For Android
Vendor: CVE Published:; 6 January 2021

Summary

Citrix Secure Mail for Android prior to version 20.11.0 is susceptible to a code injection flaw that allows unauthorized access to sensitive data. This vulnerability requires a malicious application to be installed or a threat actor to exploit the device's code execution capabilities. It poses a significant risk to user data integrity and confidentiality, making it essential for users to update to the latest version to mitigate exposure.

Affected Version(s)

Citrix Secure Mail for Android Fixed in 20.11.0

References

https://support.citrix.com/article/CTX286763

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2021
Vulnerability Reserved
Jan 28, 2020