Citrix XenMobile Server – Arbitrary File Read Vulnerability (CVE-2020-8209)

Overview:

Citrix XenMobile Server is an enterprise application used for mobile device management as well as mobile application management. A path traversal vulnerability (CVE-2020-8209), which leads to arbitrary file read, has recently been identified in Citrix XenMobile Server. According to Andrey Medov from Positive Technologies, authentication is not required to exploit this vulnerability.

Description:

According to the researcher, the vulnerable code exists in the help-sb-download.jsp file. The vulnerability exists because user-supplied input passed to the sbFileName parameter is not sanitized and is directly appended …
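One way to hunt for attempts against this flaw in web access logs, as an added example that is not from the original post or from Citrix: it flags requests to help-sb-download.jsp whose sbFileName value, after repeated URL-decoding, climbs directories or is an absolute path. The log lines, the `/placeholder/` URL prefix and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PAGE = "help-sb-download.jsp"  # file named in the advisory
TARGET_PARAM = "sbFileName"           # parameter named in the advisory

# Constructed sample entries; "/placeholder/" stands in for the real URL prefix.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2020:10:00:01 +0000] "GET /placeholder/help-sb-download.jsp?sbFileName=support-bundle.zip HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Sep/2020:10:00:05 +0000] "GET /placeholder/help-sb-download.jsp?sbFileName=../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [01/Sep/2020:10:00:09 +0000] "GET /placeholder/help-sb-download.jsp?sbFileName=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [01/Sep/2020:10:00:12 +0000] "GET /placeholder/index.jsp?sbFileName=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value climbs directories or is an absolute path."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/") or norm.startswith("/") or re.match(r"[A-Za-z]:", norm) is not None

def suspicious_requests(log_lines):
    """Return (line_number, decoded sbFileName) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not fully_decode(url.path).endswith("/" + TARGET_PAGE):
            continue
        # parse_qs already decodes once; is_traversal handles further layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
            if is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit shows an attempt; whether a file was actually returned has to be judged from the response status and size on the same log line.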