Vulnerability Description
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Application Delivery Controller Firmware | >= 11.1, < 11.1-65.12 |
| Citrix | Application Delivery Controller | - |
| Citrix | Gateway | >= 11.1, < 11.1-65.12 |
| Citrix | Netscaler Gateway | >= 12.1, < 12.1-58.15 |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX281474Vendor Advisory
- https://support.citrix.com/article/CTX281474Vendor Advisory
FAQ
What is CVE-2020-8245?
CVE-2020-8245 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetS...
How severe is CVE-2020-8245?
CVE-2020-8245 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8245?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Gateway, Citrix Netscaler Gateway.