This page lists publicly disclosed CVE vulnerabilities affecting citrix gateway (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-24488 | Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting | [email protected] | 6.1 | 80.91% | 2023-07-10 | 2024-11-21 |
| CVE-2023-24487 | Arbitrary file read in Citrix ADC and Citrix Gateway | [email protected] | 6.3 | 1.07% | 2023-07-10 | 2024-11-21 |
| CVE-2022-27508 | Unauthenticated denial of service | [email protected] | 7.5 | 1.01% | 2023-01-26 | 2025-04-01 |
| CVE-2022-27507 | Authenticated denial of service | [email protected] | 6.5 | 0.98% | 2023-01-26 | 2025-04-01 |
| CVE-2019-18177 | In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. | [email protected] | 6.5 | 0.58% | 2022-12-26 | 2025-04-14 |
| CVE-2022-27516 | User login brute force protection functionality bypass | [email protected] | 5.3 | 0.60% | 2022-11-08 | 2024-11-21 |
| CVE-2022-27513 | Remote desktop takeover via phishing | [email protected] | 8.3 | 0.27% | 2022-11-08 | 2024-11-21 |
| CVE-2022-27510 | Unauthorized access to Gateway user capabilities | [email protected] | 9.8 | 1.18% | 2022-11-08 | 2024-11-21 |
| CVE-2022-27509 | Unauthenticated redirection to a malicious website | [email protected] | 6.1 | 0.38% | 2022-07-28 | 2024-11-21 |
| CVE-2021-22956 | An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. | [email protected] | 7.5 | 0.89% | 2021-12-07 | 2024-11-21 |
| CVE-2021-22955 | A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. | [email protected] | 7.5 | 0.89% | 2021-12-07 | 2024-11-21 |
| CVE-2021-22927 | A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. | [email protected] | 8.1 | 0.84% | 2021-08-05 | 2024-11-21 |
| CVE-2021-22920 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session. | [email protected] | 6.5 | 0.92% | 2021-08-05 | 2024-11-21 |
| CVE-2021-22919 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed. | [email protected] | 7.5 | 0.94% | 2021-08-05 | 2024-11-21 |
| CVE-2020-8300 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. | [email protected] | 6.5 | 3.01% | 2021-06-16 | 2024-11-21 |
| CVE-2020-8299 | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. | [email protected] | 6.5 | 0.42% | 2021-06-16 | 2024-11-21 |
| CVE-2020-8247 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | [email protected] | 8.8 | 1.35% | 2020-09-18 | 2024-11-21 |
| CVE-2020-8246 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | [email protected] | 7.5 | 1.55% | 2020-09-18 | 2024-11-21 |
| CVE-2020-8245 | Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web po | [email protected] | 6.1 | 0.93% | 2020-09-18 | 2024-11-21 |