CVE-2020-8209

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
citrixxenmobile_server
𝑥
≤ 10.8.0
citrixxenmobile_server
10.9.0
citrixxenmobile_server
10.9.0:rolling_patch1
citrixxenmobile_server
10.9.0:rolling_patch2
citrixxenmobile_server
10.9.0:rolling_patch3
citrixxenmobile_server
10.9.0:rolling_patch4
citrixxenmobile_server
10.10.0
citrixxenmobile_server
10.10.0:rolling_patch1
citrixxenmobile_server
10.10.0:rolling_patch2
citrixxenmobile_server
10.10.0:rolling_patch3
citrixxenmobile_server
10.10.0:rolling_patch4
citrixxenmobile_server
10.10.0:rolling_patch5
citrixxenmobile_server
10.11.0
citrixxenmobile_server
10.11.0:rolling_patch1
citrixxenmobile_server
10.11.0:rolling_patch2
citrixxenmobile_server
10.11.0:rolling_patch3
citrixxenmobile_server
10.12.0
citrixxenmobile_server
10.12.0:rolling_patch1
𝑥
= Vulnerable software versions