CVE-2018-18571

EUVD-2018-10291
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 9.1 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score Percentile: 55%
Affected Products (NVD)
Vendor | Product | Version
citrix | xenmobile_server | 10.8.0
citrix | xenmobile_server | 10.8.0:rolling_patch1
citrix | xenmobile_server | 10.8.0:rolling_patch2
citrix | xenmobile_server | 10.8.0:rolling_patch3
citrix | xenmobile_server | 10.8.0:rolling_patch4
citrix | xenmobile_server | 10.8.0:rolling_patch5
citrix | xenmobile_server | 10.9.0
citrix | xenmobile_server | 10.9.0:rolling_patch1
citrix | xenmobile_server | 10.9.0:rolling_patch2