Lucene search

[email protected]NVD:CVE-2021-22907

HistoryMay 27, 2021 - 12:15 p.m.

CVE-2021-22907

2021-05-2712:15:08

CWE-284

[email protected]

web.nvd.nist.gov

citrix

windows

access control

vulnerability

privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

Affected configurations

Nvd

Node

citrixworkspaceRange<19.12.4000ltsrwindows

citrixworkspaceRange<2105-windows

VendorProductVersionCPE
citrixworkspace*cpe:2.3:a:citrix:workspace:*:*:*:*:ltsr:windows:*:*
citrixworkspace*cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*

Vendor	Product	Version	CPE
citrix	workspace	*	cpe:2.3:a:citrix:workspace:::::ltsr:windows::
citrix	workspace	*	cpe:2.3:a:citrix:workspace:::::-:windows::

References

support.citrix.com/article/CTX307794

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-22907

citrix1 cvelist1 prion1 nessus1 cve1