Description
Citrix Endpoint Management, aka XenMobile, is used for managing employee mobile devices and mobile applications.
A path traversal vulnerability exists in Citrix Endpoint Management. This vulnerability allows an unauthorized user to read arbitrary files, including configuration files containing passwords.
Remediation
Upgrade to the latest version of Citrix Endpoint Management (CEM), also referred to as XenMobile. The official patch removes the file /opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp.
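To check whether the removed JSP was requested before the patch was applied, the following added example (not Citrix's code and not part of the original advisory) scans Tomcat access-log lines for requests to it and flags traversal sequences in the query string. The request path /jsp/help-sb-download.jsp is inferred from the file location above; the log layout, the `file` parameter name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request path inferred from the JSP location under webapps/ROOT named in the
# remediation text (assumption: the ROOT webapp is served at "/").
JSP_PATH = "/jsp/help-sb-download.jsp"

# Common access-log layout: ip - user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request that reached the removed JSP."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, raw_query = m["target"].partition("?")
        # Drop ";name=value" path parameters before comparing the path.
        path = fully_decode(raw_path).split(";", 1)[0]
        if not path.endswith(JSP_PATH):
            continue
        traversal = bool(re.search(r"\.\.[/\\]", fully_decode(raw_query)))
        # A 200 on a traversal request means file content was likely returned.
        severity = "high" if traversal and m["status"] == "200" else "review"
        findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "traversal": traversal, "severity": severity})
    return findings

# Constructed sample log lines (documentation addresses, placeholder parameter).
SAMPLE = [
    '203.0.113.7 - - [10/Aug/2020:10:01:02 +0000] "GET /jsp/help-sb-download.jsp?file=..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Aug/2020:10:05:40 +0000] "GET /jsp/help-sb-download.jsp;x=1?file=%252e%252e%252f%252e%252e%252fexample.txt HTTP/1.1" 404 -',
    '192.0.2.15 - - [10/Aug/2020:10:06:11 +0000] "GET /index.html HTTP/1.1" 200 1042',
    '192.0.2.15 - - [10/Aug/2020:10:07:30 +0000] "GET /jsp/help-sb-download.jsp HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any "high" finding on a server that held configuration files with passwords is a reason to rotate those credentials in addition to upgrading.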