CVE-2019-13608

CVSS 7.5 HIGH · EPSS 28.0% · KEV · CWE-611
In short

Citrix StoreFront Server versions before specific updates are vulnerable to XML External Entity (XXE) attacks, which can expose sensitive data or cause system disruption through specially crafted XML files.

Technical detail

An XXE vulnerability in Citrix StoreFront Server (before 1903, 7.15 LTSR before CU4, 7.6 LTSR before CU8) allows remote attackers to read arbitrary files or perform SSRF attacks via malicious XML input. Exploitation requires the ability to submit XML to vulnerable endpoints; impact includes information disclosure and potential remote code execution depending on system configuration.

Summary generated and translated by AI from the official description.
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
