CVE-2019-18910: OS Command Injection
First published: Fri Nov 22 2019(Updated: )
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
Credit: hp-security-alert@hp.com hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP ThinPro | =6.2 | |
| HP ThinPro | =6.2.1 | |
| HP ThinPro | =7.0 | |
| HP ThinPro | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18910?
CVE-2019-18910 is a vulnerability in the Citrix Receiver wrapper function that allows an attacker to inject commands and execute them with local user privileges.
What software is affected by CVE-2019-18910?
HP ThinPro versions 6.2, 6.2.1, 7.0, and 7.1 are affected by CVE-2019-18910.
How severe is CVE-2019-18910?
CVE-2019-18910 has a severity rating of 6.8, which is considered medium.
How can an attacker exploit CVE-2019-18910?
An attacker can exploit CVE-2019-18910 by injecting commands that will execute with local user privileges.
Is there a fix for CVE-2019-18910?
Yes, a fix for CVE-2019-18910 is available. Please refer to the HP ThinPro support documentation for instructions on how to apply the fix.
- collector/nvd-index
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp thinpro
- version/hp thinpro/6.2
- version/hp thinpro/6.2.1
- version/hp thinpro/7.0
- version/hp thinpro/7.1