CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-12991	High	81.0%	CitrixSD-WAN and NetScaler	Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.	Mar 25, 2022	KEV
CVE-2021-22941	High	87.8%	CitrixShareFile	Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.	Mar 25, 2022	KEV
CVE-2019-19781	High	94.4%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.	Nov 3, 2021	KEV
CVE-2019-11634	High	30.8%	CitrixWorkspace Application and Receiver for Windows	Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.	Nov 3, 2021	KEV
CVE-2020-8195	High	73.1%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.	Nov 3, 2021	KEV
CVE-2020-8196	High	66.2%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.	Nov 3, 2021	KEV
CVE-2020-8193	High 6.5	94.3%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.	Nov 3, 2021	KEVExploit
CVE-2019-13608	High	74.1%	CitrixStoreFront Server	Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.	Nov 3, 2021	KEV

CVE-2019-12991KEV

High

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

CitrixEPSS 81.0%

CVE-2021-22941KEV

High

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CitrixEPSS 87.8%

CVE-2019-19781KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

CitrixEPSS 94.4%

CVE-2019-11634KEV

High

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

CitrixEPSS 30.8%

CVE-2020-8195KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

CitrixEPSS 73.1%

CVE-2020-8196KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

CitrixEPSS 66.2%

CVE-2020-8193KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

CitrixCVSS 6.5EPSS 94.3%

Exploit

CVE-2019-13608KEV

High

Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.

CitrixEPSS 74.1%

1 2