CVE-2021-22927

Summary

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

Affected Software

VendorProductVersion RangeStatus
n/aCitrix ADC, Citrix GatewayCitrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0affected
n/aCitrix ADC, Citrix GatewayCitrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1affected
n/aCitrix ADC, Citrix GatewayCitrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1affected
n/aCitrix ADC, Citrix GatewayCitrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPSaffected

Weaknesses

  • CWE-384: Session Fixation (CWE-384)

ADP Enrichment

CVE Program Container

Additional References

References