Improper Access Control in Citrix Secure Mail for Android
CVE-2020-8275

4.3MEDIUM

Key Information:

Vendor: Citrix
Status: Citrix Secure Mail For Android
Vendor: CVE Published:; 6 January 2021

Summary

Citrix Secure Mail for Android prior to version 20.11.0 is susceptible to improper access control vulnerabilities that permit unauthenticated users to access restricted calendar-related data stored within the application. To exploit this vulnerability, a malicious application must be present on the affected Android device, or an attacker must execute arbitrary code on the device, allowing unauthorized access to sensitive information.

Affected Version(s)

Citrix Secure Mail for Android Fixed in 20.11.0

References

https://support.citrix.com/article/CTX286763

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2021
Vulnerability Reserved
Jan 28, 2020