CVE-2020-8209
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 28, 2020
- Published Date
- August 17, 2020
- Last Updated
- August 04, 2024
- Vendor
- n/a
- Product
- Citrix XenMobile Server
- Description
- Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
- Tags
- Score
- 92.54% (Percentile: 99.72%) as of 2025-05-27
- Exploited in the Wild
- Yes (2025-04-29 00:00:00 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
7.5 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
5.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-04-29 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8209.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
B1anda0/CVE-2020-8209
Type: github • Created: 2020-11-17 07:20:46 UTC • Stars: 31
该脚本为Citrix XenMobile 目录遍历漏洞(CVE-2020-8209)批量检测脚本。
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel