How many vulnerabilities affect Citrix?

There are currently 266 known vulnerabilities (CVEs) affecting Citrix tracked in the Strobes VI database.

Are there exploits available for Citrix vulnerabilities?

Some vulnerabilities affecting Citrix have known public exploits. Check individual CVE pages for exploit details and mitigation guidance.

How should I prioritize Citrix vulnerabilities?

Prioritize based on Strobes Priority Score, which combines CVSS severity, EPSS exploitation probability, exploit availability, and patch status. Focus first on vulnerabilities with high Priority Scores and available exploits.

Citrix Vulnerabilities

Known vulnerabilities affecting Citrix products and systems

Total: 266 vulnerabilitiesPage 5

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch
CVE-2019-9548	Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.	0.0	0	Neutral	No	Yes
CVE-2019-7218	Citrix ShareFile through 19.1 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim?s otp physical token or virtual app (like go...	0.0	0	Neutral	Yes	No
CVE-2019-7217	Citrix ShareFile through 19.1 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication i...	0.0	0	Neutral	Yes	No
CVE-2019-6485	Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 be...	0.0	0	Neutral	No	Yes
CVE-2019-19781	An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.	9.8	812	Viral	Yes	Yes
CVE-2019-18225	An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 befo...	9.8	588	Neutral	No	Yes
CVE-2019-18177	In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and l...	6.5	273	Neutral	No	Yes
CVE-2019-17366	Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.	8.8	545	Neutral	No	Yes
CVE-2019-13608	Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.	7.5	616	Neutral	Yes	Yes
CVE-2019-12992	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).	0.0	0	Neutral	Yes	Yes
CVE-2019-12991	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).	8.8	809	Neutral	Yes	Yes
CVE-2019-12990	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.	0.0	0	Neutral	Yes	No
CVE-2019-12989	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.	9.8	819	Neutral	Yes	Yes
CVE-2019-12988	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).	0.0	0	Neutral	Yes	Yes
CVE-2019-12987	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).	0.0	0	Neutral	Yes	Yes
CVE-2019-12986	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).	0.0	0	Neutral	Yes	Yes
CVE-2019-12985	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).	0.0	0	Neutral	Yes	Yes
CVE-2019-12292	Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.	0.0	0	Neutral	No	Yes
CVE-2019-12044	A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller...	0.0	0	Neutral	No	Yes
CVE-2019-11634	Citrix Workspace App before 1904 for Windows has Incorrect Access Control.	9.8	733	Neutral	Yes	Yes

Showing 81 - 100 of 266

Previous Next

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch

CVE ID

Description

CVSS

Priority

Trend

Exploit

Patch

CVE-2019-9548

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

0.0

Neutral

Yes

CVE-2019-7218

Citrix ShareFile through 19.1 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim?s otp physical token or virtual app (like go...

0.0

Neutral

Yes

CVE-2019-7217

Citrix ShareFile through 19.1 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication i...

0.0

Neutral

Yes

CVE-2019-6485

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 be...

0.0

Neutral

Yes

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

9.8

812

Viral

Yes

CVE-2019-18225

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 befo...

9.8

588

Neutral

Yes

CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and l...

6.5

273

Neutral

Yes

CVE-2019-17366

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

8.8

545

Neutral

Yes

CVE-2019-13608

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.

7.5

616

Neutral

Yes

CVE-2019-12992

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).

0.0

Neutral

Yes

CVE-2019-12991

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

8.8

809

Neutral

Yes

CVE-2019-12990

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

0.0

Neutral

Yes

CVE-2019-12989

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

9.8

819

Neutral

Yes

CVE-2019-12988

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).

0.0

Neutral

Yes

CVE-2019-12987

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).

0.0

Neutral

Yes

CVE-2019-12986

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

0.0

Neutral

Yes

CVE-2019-12985

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

0.0

Neutral

Yes

CVE-2019-12292

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

0.0

Neutral

Yes

CVE-2019-12044

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller...

0.0

Neutral

Yes

CVE-2019-11634

Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

9.8

733

Neutral

Yes

Citrix Vulnerabilities

Ready for Agentic Automated Testing?

Citrix Vulnerabilities