Vulnerability detail

Enriched intelligence for a single CVE

7.5

CVSS
High

CVE-2020-8209

PUBLISHED

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...

PoC available Remote Low complexity No user interaction

Vendor: Citrix
Product: XenMobile Server
Published: Aug 17, 2020
EPSS: —

Description

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

nuclei_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0 5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitation status

Proof of concept available

Recorded 2020-11-17 07:20:46 UTC · Source

References

https://support.citrix.com/article/CTX277457

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 14, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8209.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

B1anda0/CVE-2020-8209

github · Created 2020-11-17 07:20:46 UTC · 31 stars

该脚本为Citrix XenMobile 目录遍历漏洞（CVE-2020-8209）批量检测脚本。

Timeline

CVE ID Reserved

January 28, 2020
CVE Published to Public

August 17, 2020
Proof of Concept Exploit Available

November 17, 2020
Detected by Nuclei

April 25, 2025
Added to KEVIntel

June 14, 2025