HIGH · 8.1

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider; it could allow an attacker to hijack an authenticated user's session.

Vulnerability Description

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider; it could allow an attacker to hijack an authenticated user's session. In a session fixation attack the attacker does not steal a session identifier after login; instead the attacker arranges for the victim to authenticate under an identifier the attacker already knows, which works whenever the service provider keeps the pre-authentication identifier alive after the SAML assertion has been accepted.
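The following is an added illustrative model of the defect class, not Citrix's code and not derived from the CVE record, which gives no implementation detail. It models a toy SAML service provider's session layer in two modes: the vulnerable mode binds the authenticated identity to the session identifier that existed before login, so an attacker who planted that identifier in the victim's browser now owns the login; the hardened mode retires the pre-authentication identifier at the Assertion Consumer Service and mints a fresh one. The class and function names (SamlServiceProvider, Session, run_fixation_scenario), the cookie-planting step, the sample assertion and the user alice@example.com are all constructed for the example; signature validation and the rest of the SAML processing are deliberately left out.

```python
"""Toy SAML SP session layer showing session fixation and its fix (illustrative only)."""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Server-side session record; `user` stays None until an assertion binds an identity."""
    user: Optional[str] = None
    pending_request_id: Optional[str] = None  # ID of the AuthnRequest issued for this session


class SamlServiceProvider:
    """Hypothetical SP session handling (not Citrix code).

    rotate_on_login=False reproduces the session-fixation defect class: the identifier that
    existed before authentication is kept after the assertion is accepted.
    rotate_on_login=True is the hardened behaviour: a fresh identifier is minted at the
    authentication boundary and the old one is destroyed.
    """

    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self.sessions: dict[str, Session] = {}

    def _mint(self) -> str:
        return secrets.token_urlsafe(32)

    def new_anonymous_session(self) -> str:
        """Issue an unauthenticated session, as the SP does for any first visitor."""
        sid = self._mint()
        self.sessions[sid] = Session()
        return sid

    def begin_sso(self, sid: str) -> str:
        """SP-initiated SSO: remember the AuthnRequest ID so the response can be matched."""
        sess = self.sessions[sid]
        sess.pending_request_id = "_" + secrets.token_hex(16)
        return sess.pending_request_id

    def consume_assertion(self, sid: str, assertion: dict) -> str:
        """Assertion Consumer Service. Returns the cookie value the browser must use next."""
        sess = self.sessions.get(sid)
        if sess is None or assertion.get("InResponseTo") != sess.pending_request_id:
            raise ValueError("assertion does not match an outstanding AuthnRequest")
        user = assertion["NameID"]
        if not self.rotate_on_login:
            sess.user = user                  # VULNERABLE: identity bound to the pre-auth sid
            sess.pending_request_id = None
            return sid
        del self.sessions[sid]                # HARDENED: retire the pre-auth identifier ...
        new_sid = self._mint()                # ... and issue one the attacker never saw
        self.sessions[new_sid] = Session(user=user)
        return new_sid

    def whoami(self, sid: str) -> Optional[str]:
        sess = self.sessions.get(sid)
        return sess.user if sess else None


def run_fixation_scenario(sp: SamlServiceProvider) -> tuple[Optional[str], Optional[str]]:
    """Return (identity seen by the attacker, identity seen by the victim) after the attack."""
    # 1. Attacker obtains a legitimate pre-auth session id from the SP.
    fixed_sid = sp.new_anonymous_session()
    # 2. Attacker plants it in the victim's browser. The planting mechanism is assumed here;
    #    the CVE record does not describe how it is done on the appliance.
    victim_cookie = fixed_sid
    # 3. Victim starts SSO; the SP issues an AuthnRequest tied to the planted session.
    request_id = sp.begin_sso(victim_cookie)
    # 4. The IdP authenticates the victim and posts a response (constructed sample assertion).
    assertion = {"InResponseTo": request_id, "NameID": "alice@example.com"}
    victim_cookie = sp.consume_assertion(victim_cookie, assertion)
    # 5. Attacker replays the identifier they fixed.
    return sp.whoami(fixed_sid), sp.whoami(victim_cookie)


if __name__ == "__main__":
    print("vulnerable:", run_fixation_scenario(SamlServiceProvider(rotate_on_login=False)))
    print("hardened:  ", run_fixation_scenario(SamlServiceProvider(rotate_on_login=True)))
```

In the vulnerable mode both tuple entries are alice@example.com: the attacker's pre-planted identifier is now an authenticated session. In the hardened mode the attacker's lookup returns None because the identifier was destroyed at the authentication boundary, which is the generic mitigation for this weakness class; InResponseTo matching is kept in the model because it is the other check an SP must do on the response, but on its own it does not prevent fixation.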

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor   Product                                     Versions
Citrix   Application Delivery Controller Firmware    >= 11.1, < 11.1-65.22
Citrix   Application Delivery Controller             -
Citrix   MPX/SDX 14030 FIPS                          -
Citrix   MPX/SDX 14060 FIPS                          -
Citrix   MPX/SDX 14080 FIPS                          -
Citrix   MPX 15030-50G FIPS                          -
Citrix   MPX 15040-50G FIPS                          -
Citrix   MPX 15060-50G FIPS                          -
Citrix   MPX 15080-50G FIPS                          -
Citrix   MPX 15100-50G FIPS                          -
Citrix   MPX 15120-50G FIPS                          -
Citrix   MPX 8905 FIPS                               -
Citrix   MPX 8910 FIPS                               -
Citrix   MPX 8920 FIPS                               -
Citrix   Gateway                                     >= 12.1, < 12.1-62.27
Citrix   NetScaler Gateway                           >= 11.1, < 11.1-65.22

"-" means the record names the product without a version range.

Related Weaknesses (CWE)

CWE-384: Session Fixation

References

FAQ

What is CVE-2021-22927?

CVE-2021-22927 is a vulnerability with a CVSS score of 8.1 (HIGH). A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider; it could allow an attacker to hijack an authenticated user's session.

How severe is CVE-2021-22927?

CVE-2021-22927 has been rated HIGH with a CVSS base score of 8.1/10. The vector above means the attack is launched over the network with low complexity and no privileges, but it requires user interaction: the victim has to complete a login while holding the identifier the attacker fixed. A successful attack gives the attacker the victim's session, so confidentiality and integrity are rated HIGH; availability is not affected.

Is there a patch for CVE-2021-22927?

This record lists no references. The version ranges under Affected Products show where the fix landed in the listed branches: builds from 11.1-65.22 (Application Delivery Controller Firmware, NetScaler Gateway) and from 12.1-62.27 (Gateway) fall outside the affected range. Compare the build an appliance reports with `show ns version` at the NetScaler CLI against those ranges. The FIPS hardware models (MPX/SDX 14030, 14060 and 14080 FIPS, the MPX 15000-50G FIPS series and the MPX 8905/8910/8920 FIPS) are listed without a version range, so their fixed builds must be taken from the Citrix advisory for this CVE. Only deployments that use the appliance as a SAML service provider are exposed.