CVE-2020-8300 - Citrix Netscaler Gateway, Citrix Gateway and Citrix Application Delivery Controller Firmware

Moderate 6.5

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Affected software

Citrix Netscaler Gateway

Citrix Gateway

Citrix Application Delivery Controller Firmware
