Impersonation and Unauthorized Actions Vulnerability in Citrix XenMobile Server

Impersonation and Unauthorized Actions Vulnerability in Citrix XenMobile Server

CVE-2018-18571 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.

Learn more about our Cis Benchmark Audit For Server Software.