Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCitrix Receiver
APPCitrix4.9Citrix Workspace
APPCitrix< 1904
CISA KEV — detailsi
- Vendori
- Citrix ↗
- Producti
- Workspace Application and Receiver for Windows
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.
Related vulnerabilities
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for ...
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for ...
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for...
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations a...
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protect...