On the 11th of August, Citrix released a blog post and a Security Update about critical vulnerabilities affecting XenMobile Server products.
Citrix shared no technical details. However, some sources indicate that by combining some of those vulnerabilities, an unauthenticated attacker could gain admin control of XenMobile Servers if exploitation is successful.
Citrix recommends that these upgrades be made immediately. As of this writing, there are no known exploits. However, by analysing the security patches, attackers could quickly identify exploits for these vulnerabilities and start scanning for victims exposing XenMobile servers on the Internet.