CVE-2020-8253
First published: Fri Sep 18 2020(Updated: )
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix XenMobile | <=10.8.0 | |
| Citrix XenMobile | =10.9.0 | |
| Citrix XenMobile | =10.9.0-rolling_patch1 | |
| Citrix XenMobile | =10.9.0-rolling_patch2 | |
| Citrix XenMobile | =10.9.0-rolling_patch3 | |
| Citrix XenMobile | =10.9.0-rolling_patch4 | |
| Citrix XenMobile | =10.10.0 | |
| Citrix XenMobile | =10.10.0-rolling_patch1 | |
| Citrix XenMobile | =10.10.0-rolling_patch2 | |
| Citrix XenMobile | =10.10.0-rolling_patch3 | |
| Citrix XenMobile | =10.10.0-rolling_patch4 | |
| Citrix XenMobile | =10.10.0-rolling_patch5 | |
| Citrix XenMobile | =10.11.0 | |
| Citrix XenMobile | =10.11.0-rolling_patch1 | |
| Citrix XenMobile | =10.11.0-rolling_patch2 | |
| Citrix XenMobile | =10.11.0-rolling_patch3 | |
| Citrix XenMobile | =10.12.0 | |
| Citrix XenMobile | =10.12.0-rolling_patch1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8253?
CVE-2020-8253 is rated as a critical vulnerability that could allow unauthorized access to sensitive files.
How do I fix CVE-2020-8253?
To fix CVE-2020-8253, you need to upgrade to Citrix XenMobile Server version 10.12 before RP2, 10.11 before RP4, or 10.10 before RP6.
What versions of Citrix XenMobile Server are affected by CVE-2020-8253?
CVE-2020-8253 affects Citrix XenMobile Server versions 10.12 before RP2, 10.11 before RP4, 10.10 before RP6, and earlier versions down to 10.9 RP5.
What type of vulnerability is CVE-2020-8253?
CVE-2020-8253 is an improper authentication vulnerability.
Can CVE-2020-8253 allow attackers to access sensitive data?
Yes, CVE-2020-8253 enables attackers to access sensitive files due to improper authentication.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix xenmobile
- version/citrix xenmobile/10.8.0
- version/citrix xenmobile/10.9.0
- version/citrix xenmobile/10.9.0-rolling_patch1
- version/citrix xenmobile/10.9.0-rolling_patch2
- version/citrix xenmobile/10.9.0-rolling_patch3
- version/citrix xenmobile/10.9.0-rolling_patch4
- version/citrix xenmobile/10.10.0
- version/citrix xenmobile/10.10.0-rolling_patch1
- version/citrix xenmobile/10.10.0-rolling_patch2
- version/citrix xenmobile/10.10.0-rolling_patch3
- version/citrix xenmobile/10.10.0-rolling_patch4
- version/citrix xenmobile/10.10.0-rolling_patch5
- version/citrix xenmobile/10.11.0
- version/citrix xenmobile/10.11.0-rolling_patch1
- version/citrix xenmobile/10.11.0-rolling_patch2
- version/citrix xenmobile/10.11.0-rolling_patch3
- version/citrix xenmobile/10.12.0
- version/citrix xenmobile/10.12.0-rolling_patch1