9.8
CVE-2019-11634
- EPSS 56.21%
- Published 22.05.2019 17:29:00
- Last modified 14.03.2025 17:49:52
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
Data is provided by the National Vulnerability Database (NVD)
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
VulnerabilityCitrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 56.21% | 0.98 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.