CVE-2019-13608

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

Basic Information

CVE State: PUBLISHED
Reserved Date: July 15, 2019
Published Date: August 29, 2019
Last Updated: February 04, 2025
Vendor: Citrix
Product: StoreFront Server
Description: Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://support.citrix.com/article/CTX251988

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

July 15, 2019
CVE Published to Public

August 29, 2019
Exploit Used in Malware

November 03, 2021
Added to KEVIntel

November 03, 2021