Lucene search

HackeroneCVELIST:CVE-2020-8274

HistoryJan 06, 2021 - 8:59 p.m.

CVE-2020-8274

2021-01-0620:59:16

CWE-94

hackerone

www.cve.org

citrix secure mail

android

code injection

vulnerability

unauthenticated access

data read

malicious app

arbitrary code.

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

72.0%

JSON

Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code (‘Code Injection’) by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.

CNA Affected

[
  {
    "product": "Citrix Secure Mail for Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 20.11.0"
      }
    ]
  }
]

References

support.citrix.com/article/CTX286763