CVE-2018-18571

Published Jun 5, 2019

Last updated 5 years ago

CVSS critical 9.1

Overview

Description: An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D77B25A0-9EC4-4824-A206-719CE8EA638E"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8403629F-9514-4D69-AFCC-C869BBB7C40E"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B147FBB-F222-4475-97DB-B1968169D5E0"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20B1C1FD-477C-417B-A81C-12A84A88FAB3"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C4E8A9F-FC3E-489E-A5D1-5D33F22FCB7B"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.8.0:rolling_patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B3A9270-8638-454C-B9DA-DFCABDEFD954"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References