Severity
High
Analysis Summary
CVE-2021-22928
Citrix Virtual Apps and Desktops could allow an authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privilege as SYSTEM.
Impact
- Privilege escalation
- Unauthorized Access
Affected Vendors
Citrix
Affected Products
- Citrix Virtual Apps and Desktops 1912 LTSR
- Citrix Virtual Apps and Desktops 2106
- Citrix XenApp 7.15 LTSR
- Citrix XenDesktop 7.15 LTSR
Remediation
Refer to Citrix Security Advisory for patch, upgrade or suggested workaround information.