Citrix Endpoint Management, aka XenMobile, is used for managing employee mobile devices and mobile applications.

A path traversal vulnerability exists in Citrix Endpoint Management. This vulnerability allows an unauthorized user to read arbitrary files, including configuration files containing passwords.


Upgrade to the latest version of Citrix Endpoint Management (CEM), also referred to as XenMobile. The official patch removes the file /opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp.


Related Vulnerabilities