CVE-2020-8274
Last modified
CVE-2020-8274 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.. EPSS estimates a 2.04% chance of exploitation in the next 30 days.
Description
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Secure Mail | < 20.11.0 |
References
- https://support.citrix.com/article/CTX286763Vendor Advisory
- https://support.citrix.com/article/CTX286763Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-8274?
How severe is CVE-2020-8274?
How do I fix CVE-2020-8274?
Are you affected by CVE-2020-8274?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST