6.5

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CitrixGateway Version >= 12.1 < 12.1-62.23
CitrixGateway Version >= 13.0 < 13.0-82.41
CitrixNetScaler Gateway Version >= 11.1 < 11.1-65.20
CitrixApplication Delivery Controller Firmware Version >= 11.1 < 11.1-65.20
CitrixApplication Delivery Controller Firmware Version >= 12.1 < 12.1-62.23
CitrixApplication Delivery Controller Firmware Version >= 13.0 < 13.0-82.41
CitrixApplication Delivery Controller Firmware Version >= 12.1 < 12.1-55.238
   CitrixMpx/sdx 14030 Fips Version-
   CitrixMpx/sdx 14060 Fips Version-
   CitrixMpx/sdx 14080 Fips Version-
   CitrixMpx 15030-50g Fips Version-
   CitrixMpx 15040-50g Fips Version-
   CitrixMpx 15060-50g Fips Version-
   CitrixMpx 15080-50g Fips Version-
   CitrixMpx 15100-50g Fips Version-
   CitrixMpx 15120-50g Fips Version-
   CitrixMpx 8905 Fips Version-
   CitrixMpx 8910 Fips Version-
   CitrixMpx 8920 Fips Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.08% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.