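This list aggregates NVD, CVE and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks how easily an issue can be exploited from exploit references and the availability of a PoC. It helps you set priorities in the context of vendor fixes and mitigations, keeping the response cycle short while protecting critical assets.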
Assigner (CNA / issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2022-27506 | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | 2.7 | 0.17% | 2022-04-13 | 2024-11-21 |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS adminis | 4.4 | 0.03% | 2022-03-10 | 2024-11-21 |
| CVE-2024-6150 | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning | 4.8 | 0.10% | 2024-07-10 | 2025-07-25 |
| CVE-2024-6149 | Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | 4.8 | 0.43% | 2024-07-10 | 2025-07-25 |
| CVE-2023-6184 | Cross-Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross-Site Scripting | 5.0 | 20.80% | 2024-01-18 | 2024-11-21 |
| CVE-2024-8069 KEV | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | 5.1 | 48.29% | 2024-11-12 | 2025-10-24 |
| CVE-2024-8068 KEV | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | 5.1 | 8.05% | 2024-11-12 | 2025-10-24 |
| CVE-2024-5492 | Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway | 5.1 | 2.95% | 2024-07-10 | 2025-07-25 |
| CVE-2024-6148 | Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | 5.3 | 0.07% | 2024-07-10 | 2025-03-25 |
| CVE-2022-27516 | User login brute force protection functionality bypass | 5.3 | 0.09% | 2022-11-08 | 2024-11-21 |
| CVE-2022-27512 | Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. | 5.3 | 0.88% | 2022-06-16 | 2024-11-21 |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | 5.4 | 0.09% | 2024-09-11 | 2024-10-22 |
| CVE-2023-5914 | Cross-site scripting (XSS) | 5.4 | 69.79% | 2024-01-17 | 2024-11-21 |
| CVE-2023-6548 KEV | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | 5.5 | 6.52% | 2024-01-17 | 2025-10-24 |
| CVE-2023-24486 | A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | 5.5 | 0.06% | 2023-07-10 | 2024-11-21 |
| CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 | 0.10% | 2023-02-16 | 2025-03-18 |
| CVE-2024-8535 | Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources | 5.8 | 0.92% | 2024-11-12 | 2025-07-25 |
| CVE-2025-1223 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.08% | 2025-02-20 | 2026-04-29 |
| CVE-2025-1222 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | 5.9 | 0.10% | 2025-02-20 | 2026-04-29 |
| CVE-2025-12101 | Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | 5.9 | 1.89% | 2025-11-11 | 2026-04-15 |