Session Fixation Flaw in Citrix ADC and Gateway
CVE-2021-22927

8.1HIGH

Key Information:

Vendor: Citrix
Status: Citrix Adc, Citrix Gateway
Vendor: CVE Published:; 5 August 2021

What is CVE-2021-22927?

A session fixation vulnerability is present in Citrix ADC and Citrix Gateway versions 13.0-82.45 when configured as a SAML service provider. This security flaw could potentially allow attackers to hijack user sessions. Organizations utilizing these Citrix products should implement necessary mitigations to protect their applications from session hijacking attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Citrix ADC, Citrix Gateway Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0

Citrix ADC, Citrix Gateway Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1

Citrix ADC, Citrix Gateway Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1

References

https://support.citrix.com/article/CTX319135

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2021
Vulnerability Reserved
Jan 6, 2021

JSON

Citrix

What is CVE-2021-22927?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.