CVE-2019-11634

CVSS 9.8 CRITICALEPSS 8.1%● KEVCWE-284

Vexday Risk Score

58Attention

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 9.8EPSS 8.1%KEV simPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 May 2019Published on NVD

03 Nov 2021Active exploitation (CISA KEV)

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

Citrix Workspace App versions before 1904 for Windows allow unauthorized users to access resources or perform actions they shouldn't be able to. This is a serious flaw because it can let attackers bypass security controls and gain unauthorized access to sensitive data or systems.

Technical detail

Incorrect access control in Citrix Workspace App (Windows, pre-1904) permits privilege escalation or unauthorized resource access due to inadequate permission validation. The vulnerability can be exploited by local or remote attackers with limited privileges to bypass authentication or authorization mechanisms, potentially compromising confidentiality and integrity of protected resources.

Summary generated and translated by AI from the official description.

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.citrix.com/article/CTX251986 https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11634