CVE-2020-8209: Path Traversal
First published: Mon Aug 17 2020(Updated: )
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix XenMobile Server | <=10.8.0 | |
| Citrix XenMobile Server | =10.9.0 | |
| Citrix XenMobile Server | =10.9.0-rolling_patch1 | |
| Citrix XenMobile Server | =10.9.0-rolling_patch2 | |
| Citrix XenMobile Server | =10.9.0-rolling_patch3 | |
| Citrix XenMobile Server | =10.9.0-rolling_patch4 | |
| Citrix XenMobile Server | =10.10.0 | |
| Citrix XenMobile Server | =10.10.0-rolling_patch1 | |
| Citrix XenMobile Server | =10.10.0-rolling_patch2 | |
| Citrix XenMobile Server | =10.10.0-rolling_patch3 | |
| Citrix XenMobile Server | =10.10.0-rolling_patch4 | |
| Citrix XenMobile Server | =10.10.0-rolling_patch5 | |
| Citrix XenMobile Server | =10.11.0 | |
| Citrix XenMobile Server | =10.11.0-rolling_patch1 | |
| Citrix XenMobile Server | =10.11.0-rolling_patch2 | |
| Citrix XenMobile Server | =10.11.0-rolling_patch3 | |
| Citrix XenMobile Server | =10.12.0 | |
| Citrix XenMobile Server | =10.12.0-rolling_patch1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8209?
CVE-2020-8209 is a vulnerability that involves improper access control in Citrix XenMobile Server, allowing an attacker to read arbitrary files.
Which versions of Citrix XenMobile Server are affected by CVE-2020-8209?
CVE-2020-8209 affects Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6, and Citrix XenMobile Server before 10.9 RP5.
What is the severity of CVE-2020-8209?
CVE-2020-8209 has a severity rating of 7.5 (High).
How can an attacker exploit CVE-2020-8209?
An attacker can exploit CVE-2020-8209 by leveraging improper access control to read arbitrary files.
Is there a fix for CVE-2020-8209?
Yes, Citrix has released a fix for CVE-2020-8209. Refer to the official Citrix support article for more information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/severity
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/citrix
- canonical/citrix xenmobile server
- version/citrix xenmobile server/10.8.0
- version/citrix xenmobile server/10.9.0
- version/citrix xenmobile server/10.9.0-rolling_patch1
- version/citrix xenmobile server/10.9.0-rolling_patch2
- version/citrix xenmobile server/10.9.0-rolling_patch3
- version/citrix xenmobile server/10.9.0-rolling_patch4
- version/citrix xenmobile server/10.10.0
- version/citrix xenmobile server/10.10.0-rolling_patch1
- version/citrix xenmobile server/10.10.0-rolling_patch2
- version/citrix xenmobile server/10.10.0-rolling_patch3
- version/citrix xenmobile server/10.10.0-rolling_patch4
- version/citrix xenmobile server/10.10.0-rolling_patch5
- version/citrix xenmobile server/10.11.0
- version/citrix xenmobile server/10.11.0-rolling_patch1
- version/citrix xenmobile server/10.11.0-rolling_patch2
- version/citrix xenmobile server/10.11.0-rolling_patch3
- version/citrix xenmobile server/10.12.0
- version/citrix xenmobile server/10.12.0-rolling_patch1