Citrix — community ground truth
3 notable / known-exploited Citrix CVEs the community has triaged.
Not an exhaustive list — we focus on the findings that matter (exploited / notable). For every Citrix CVE, see NVD.
- CVE-2019-12989 (CVSS 9.8, KEV, EPSS 94%)
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
- CVE-2019-12991 (CVSS 8.8, KEV, EPSS 75%)
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
- CVE-2019-13608 (CVSS 7.5, KEV, EPSS 28%)
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.