#VU7191 Information disclosure in Citrix XenMobile Server - CVE-2017-9231
Published: June 23, 2017
Vulnerability identifier: #VU7191
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9231
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Citrix XenMobile Server
Software vendor:
Citrix
Description
The vulnerability allows a remote attacker to perform an XXE attack.
The vulnerability exists due to insufficient validation of user-supplied data. A remote attacker can supply specially crafted XML External Entity (XXE) data to read arbitrary files with the privileges of the target service.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update to version 10.5 RP3.