CVE-2020-8211
17.08.2020, 16:15
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
| Vendor | Product | Version |
|---|---|---|
| citrix | xenmobile_server | 𝑥 ≤ 10.8.0 |
| citrix | xenmobile_server | 10.9.0 |
| citrix | xenmobile_server | 10.9.0:rolling_patch1 |
| citrix | xenmobile_server | 10.9.0:rolling_patch2 |
| citrix | xenmobile_server | 10.9.0:rolling_patch3 |
| citrix | xenmobile_server | 10.9.0:rolling_patch4 |
| citrix | xenmobile_server | 10.10.0 |
| citrix | xenmobile_server | 10.10.0:rolling_patch1 |
| citrix | xenmobile_server | 10.10.0:rolling_patch2 |
| citrix | xenmobile_server | 10.10.0:rolling_patch3 |
| citrix | xenmobile_server | 10.10.0:rolling_patch4 |
| citrix | xenmobile_server | 10.10.0:rolling_patch5 |
| citrix | xenmobile_server | 10.11.0 |
| citrix | xenmobile_server | 10.11.0:rolling_patch1 |
| citrix | xenmobile_server | 10.11.0:rolling_patch2 |
| citrix | xenmobile_server | 10.11.0:rolling_patch3 |
| citrix | xenmobile_server | 10.11.0:rolling_patch4 |
| citrix | xenmobile_server | 10.11.0:rolling_patch5 |
| citrix | xenmobile_server | 10.12.0 |
| citrix | xenmobile_server | 10.12.0:rolling_patch1 |
| citrix | xenmobile_server | 10.12.0:rolling_patch2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.