CVE-2021-22920

Summary

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

Affected Software

VendorProductVersion RangeStatus
n/aCitrix ADC, Citrix GatewayCitrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0affected
n/aCitrix ADC, Citrix GatewayCitrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References