Vulnerability Description
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Cloud Connector | < 6.31.0.62192 |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX316690Vendor Advisory
- https://support.citrix.com/article/CTX316690Vendor Advisory
FAQ
What is CVE-2021-22914?
CVE-2021-22914 is a vulnerability with a CVSS score of 7.5 (HIGH). Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such i...
How severe is CVE-2021-22914?
CVE-2021-22914 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22914?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Cloud Connector.