Description
Citrix Endpoint Management, aka XenMobile, is used for managing employee mobile devices and mobile applications.
A path traversal vulnerability exists in Citrix Endpoint Management. This vulnerability allows an unauthorized user to read arbitrary files, including configuration files containing passwords.
Remediation
Upgrade to the latest version of Citrix Endpoint Management (CEM), also referred to as XenMobile. The official patch removes the file /opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp.
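A check derived from the remediation above, as an added example that is not part of the original advisory or of Citrix's own tooling: it reports whether the JSP that the patch removes is still on disk and flags access-log requests that reach it. The access-log format, the sample log lines and the query parameter name f are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Path from the remediation text; the official patch removes this file.
PATCHED_OUT_JSP = "opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp"

# Assumption: Tomcat access log in common/combined format.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def jsp_still_present(root="/"):
    """True if the JSP the patch removes still exists under `root`."""
    return (Path(root) / PATCHED_OUT_JSP).is_file()


def flag_requests(lines):
    """Yield (client, status, target, traversal) for requests that touch the JSP."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        # Decode twice so double-encoded sequences (%252e%252e) are normalised too.
        decoded = unquote(unquote(m["target"])).lower()
        if "help-sb-download.jsp" not in decoded:
            continue
        traversal = "../" in decoded or "..\\" in decoded
        yield m["client"], int(m["status"]), m["target"], traversal


# Constructed sample lines (documentation-range IPs, hypothetical parameter "f").
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2021:10:00:05 +0000] "GET /jsp/help-sb-download.jsp?f=..%2F..%2Fconf%2Fexample.properties HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Jan/2021:10:00:09 +0000] "GET /jsp/help-sb-download.jsp?f=%252e%252e%252fexample HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Jan/2021:10:01:00 +0000] "GET /jsp/help-sb-download.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print("JSP present (unpatched):", jsp_still_present())
    for client, status, target, traversal in flag_requests(SAMPLE_LOG):
        print(client, status, "TRAVERSAL" if traversal else "probe", target)
```

A flagged request with a 200 status on a host where the JSP is still present is the case to escalate, since the description above says readable files include configuration files containing passwords.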