Command Injection Vulnerability in Citrix XenMobile Server
CVE-2022-26151

7.2HIGH

Key Information:

Vendor
Citrix
Status
Xenmobile Server
Vendor
CVE Published:
13 April 2022

Summary

Citrix XenMobile Server versions 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 are susceptible to a command injection vulnerability. This issue allows attackers to execute arbitrary commands on the server, potentially compromising the integrity and confidentiality of the system. Organizations using these versions should prioritize mitigation measures to safeguard their environments against unauthorized access and potential exploitation.

References

https://support.citrix.com/search
x_refsource_MISC
https://support.citrix.com/article/CTX370551
x_refsource_MISC
https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.