Vulnerability in Citrix Virtual_apps_and_desktops
CVE-2021-22928
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their p…
EPSS: 0.002 (16.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Citrix Virtual_apps_and_desktops — versions 1912
- Citrix Xenapp — versions 7.15
- Citrix Xendesktop — versions 7.15
- N/a Citrix Virtual Apps And Desktops — versions 2106 HF1, 1912LTSR CU3 HF1, 7.15LTSR CU7 HF1
References
- support@hackerone.com (Patch, x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-22928?
- CVE-2021-22928 is a high-severity vulnerability in Citrix Virtual_apps_and_desktops. CVSS score: 7.8/10. Published 2021-08-05.
- How severe is CVE-2021-22928?
- High severity. CVSS v3 base score is 7.8 out of 10.