- Description
- Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- security_alert@emc.com
- CWE-863
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:thinos:2402:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ECA47B8D-21C0-4AF5-B975-DE6DA9D73FC1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:thinos:2311:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "978B5780-26F5-46C8-BA60-66214E06AFFA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]