Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Session_recording | Citrix | * | 2407 (excluding) |
| Session_recording | Citrix | 1912 (including) | 1912 (including) |
| Session_recording | Citrix | 1912-cu1 (including) | 1912-cu1 (including) |
| Session_recording | Citrix | 1912-cu2 (including) | 1912-cu2 (including) |
| Session_recording | Citrix | 1912-cu3 (including) | 1912-cu3 (including) |
| Session_recording | Citrix | 1912-cu4 (including) | 1912-cu4 (including) |
| Session_recording | Citrix | 1912-cu5 (including) | 1912-cu5 (including) |
| Session_recording | Citrix | 1912-cu6 (including) | 1912-cu6 (including) |
| Session_recording | Citrix | 1912-cu7 (including) | 1912-cu7 (including) |
| Session_recording | Citrix | 1912-cu8 (including) | 1912-cu8 (including) |
| Session_recording | Citrix | 2203 (including) | 2203 (including) |
| Session_recording | Citrix | 2203-cu1 (including) | 2203-cu1 (including) |
| Session_recording | Citrix | 2203-cu2 (including) | 2203-cu2 (including) |
| Session_recording | Citrix | 2203-cu3 (including) | 2203-cu3 (including) |
| Session_recording | Citrix | 2203-cu4 (including) | 2203-cu4 (including) |
| Session_recording | Citrix | 2402 (including) | 2402 (including) |
| Session_recording | Citrix | 2407 (including) | 2407 (including) |