Session Fixation Flaw in Citrix ADC and Gateway
CVE-2021-22927
CVSS 8.1 HIGH
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway versions 13.0-82.45 when configured as a SAML service provider. The flaw could allow an attacker to hijack a user's session. Organizations running these Citrix products should apply the vendor's recommended mitigations to protect their applications from session hijacking.
Affected Version(s)
Product: Citrix ADC, Citrix Gateway; Versions: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
Product: Citrix ADC, Citrix Gateway; Versions: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1
Product: Citrix ADC, Citrix Gateway; Versions: Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1
CVSS v3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged