Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8300

EPSS 13.88% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-8300

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Citrix Systems Citrix Application Delivery Controller 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Citrix Systems Citrix Application Delivery Controller(ADC)是美国思杰系统(Citrix Systems)公司的一款应用交付控制器。该产品具有应用交付控制和负载均衡等功能。 Citrix Application Delivery Controller 中存在安全漏洞,该漏洞源于 SAML 身份验证劫持通过网络钓鱼攻击可窃取有效用户会话。攻击者可通过该漏洞获得敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Citrix ADC, Citrix Gateway Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238 -

II. Public POCs for CVE-2020-8300

#POC DescriptionSource LinkShenlong Link
1Detect Citrix ADC SAML action or SAML iDP Profile config vulnerable to CVE-2020-8300 using Citrix ADC NITRO APIhttps://github.com/stuartcarroll/CitrixADC-CVE-2020-8300POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-8300

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-06-16 · 54 CVEs total

CVE-2021-22914Citrix Cloud Connector 安全漏洞
CVE-2021-20094Wibu-Systems CodeMeter 缓冲区错误漏洞
CVE-2021-34683EXCELLENT INFOTEK CORPORATION (EIC) E-document System 信息泄露漏洞
CVE-2021-28979SafeNet KeySecure Management Console 注入漏洞
CVE-2021-32033Protectimus SLIM NFC 授权问题漏洞
CVE-2021-32612VeryFitPro 加密问题漏洞
CVE-2021-33813JDOM 代码问题漏洞
CVE-2021-32928Objective Open CBOR Run-time 安全漏洞
CVE-2021-31857ZOHO ManageEngine Password Manager Pro 安全漏洞
CVE-2021-31159Zoho ManageEngine ServiceDesk Plus MSP 安全漏洞
CVE-2021-27483ZOLL Defibrillator Dashboard 安全漏洞
CVE-2020-8299Citrix Systems NetScaler Gateway 资源管理错误漏洞
CVE-2021-34801Valine 代码注入漏洞
CVE-2021-34803TeamViewer 代码问题漏洞
CVE-2020-22198Desdev DedeCMS SQL注入漏洞
CVE-2020-27339Insyde InsydeH2O 输入验证错误漏洞
CVE-2020-20444Jact OpenClinic 安全漏洞
CVE-2020-24939Stampit supermixer 安全漏洞
CVE-2020-35762BloofoxCms 路径遍历漏洞
CVE-2020-35761BloofoxCms 跨站脚本漏洞

Showing top 20 of 54 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Citrix ADC, Citrix Gateway
Same vendor: n/a
Same weakness: CWE-284

V. Comments for CVE-2020-8300

No comments yet

Leave a comment