CVE-2019-11634

Warnung

EPSS 56.21%
Veröffentlicht 22.05.2019 17:29:00
Zuletzt bearbeitet 14.03.2025 17:49:52
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Receiver Version4.9 Updatecumulative_update_6 SwEditionwindows

Citrix ≫ Workspace SwPlatformwindows Version < 1904

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Schwachstelle

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	56.21%	0.98

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin

Vendor Advisory

https://support.citrix.com/article/CTX251986

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11634

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11634

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11634

EUVD