Vulnerability Details : CVE-2020-8200
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Vulnerability category: BypassGain privilege
Products affected by CVE-2020-8200
- cpe:2.3:a:citrix:storefront_server:*:*:*:*:*:*:*:*
- Citrix » Storefront Server » Ltsr EditionVersions from including (>=) 1912 and before (<) 1912.0.1000cpe:2.3:a:citrix:storefront_server:*:*:*:*:ltsr:*:*:*
- cpe:2.3:a:citrix:storefront_server:*:*:*:*:ltsr:*:*:*
- Citrix » Storefront Server » Ltsr EditionVersions from including (>=) 3.12 and before (<) 3.12.5001cpe:2.3:a:citrix:storefront_server:*:*:*:*:ltsr:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8200
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8200
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2020-8200
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2020-8200
-
https://support.citrix.com/article/CTX277455
Citrix StoreFront Security Update - Security BulletinVendor Advisory
Jump to