ID

VAR-202009-1268


CVE

CVE-2020-8245


TITLE

Cross-site scripting vulnerabilities in multiple Citrix products

Trust: 0.8

sources: JVNDB: JVNDB-2020-011866

DESCRIPTION

Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal. Multiple Citrix products contain a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Many Citrix Systems products have injection vulnerabilities, which can be used by attackers to attack SSL VPN website portals.

Trust: 1.71

sources: NVD: CVE-2020-8245 // JVNDB: JVNDB-2020-011866 // VULHUB: VHN-186370

AFFECTED PRODUCTS

vendor: citrix, model: netscaler gateway, scope: gte, version: 12.1

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 11.1

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 13.0

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 11.1-65.12

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 13.0-64.35

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 13.0-64.35

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 11.1

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 12.1

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 11.1-65.12

Trust: 1.0

vendor: citrix, model: netscaler gateway, scope: lt, version: 12.1-58.15

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 12.1-58.15

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 13.0

Trust: 1.0

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: -, version: -

Trust: 0.8

vendor: シトリックス システムズ, model: citrix gateway, scope: -, version: -

Trust: 0.8

vendor: シトリックス システムズ, model: netscaler gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011866 // NVD: CVE-2020-8245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8245
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-8245
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-1054
value: MEDIUM

Trust: 0.6

VULHUB: VHN-186370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8245
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-186370
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8245
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-8245
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186370 // JVNDB: JVNDB-2020-011866 // CNNVD: CNNVD-202009-1054 // NVD: CVE-2020-8245

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-186370 // JVNDB: JVNDB-2020-011866 // NVD: CVE-2020-8245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1054

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202009-1054

PATCH

title: CTX281474, url: https://support.citrix.com/article/CTX281474

Trust: 0.8

title: Citrix Systems Various product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128761

Trust: 0.6

sources: JVNDB: JVNDB-2020-011866 // CNNVD: CNNVD-202009-1054

EXTERNAL IDS

db: NVD, id: CVE-2020-8245

Trust: 2.5

db: JVNDB, id: JVNDB-2020-011866

Trust: 0.8

db: CNNVD, id: CNNVD-202009-1054

Trust: 0.7

db: AUSCERT, id: ESB-2020.3198

Trust: 0.6

db: VULHUB, id: VHN-186370

Trust: 0.1

sources: VULHUB: VHN-186370 // JVNDB: JVNDB-2020-011866 // CNNVD: CNNVD-202009-1054 // NVD: CVE-2020-8245

REFERENCES

url:https://support.citrix.com/article/ctx281474

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8245

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3198/

Trust: 0.6

sources: VULHUB: VHN-186370 // JVNDB: JVNDB-2020-011866 // CNNVD: CNNVD-202009-1054 // NVD: CVE-2020-8245

SOURCES

db: VULHUB, id: VHN-186370
db: JVNDB, id: JVNDB-2020-011866
db: CNNVD, id: CNNVD-202009-1054
db: NVD, id: CVE-2020-8245

LAST UPDATE DATE

2024-11-23T21:59:01.288000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-186370, date: 2020-10-07T00:00:00
db: JVNDB, id: JVNDB-2020-011866, date: 2021-04-19T02:17:00
db: CNNVD, id: CNNVD-202009-1054, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-8245, date: 2024-11-21T05:38:34.877

SOURCES RELEASE DATE

db: VULHUB, id: VHN-186370, date: 2020-09-18T00:00:00
db: JVNDB, id: JVNDB-2020-011866, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202009-1054, date: 2020-09-18T00:00:00
db: NVD, id: CVE-2020-8245, date: 2020-09-18T21:15:13.170