CVE-2024-6149

Published Jul 10, 2024

Last updated 9 months ago

CVSS medium 4.8
VDI

Overview

Description
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
Source
secure@citrix.com
NVD status
Analyzed
Products
workspace

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-601

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupCVE-2026-4368
  2. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  3. Broadcom VMware Aria Operations Command Injection VulnerabilityCVE-2026-22719
  4. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  5. Microsoft Windows Improper Privilege Management VulnerabilityCVE-2026-21533

References

Sources include official advisories and independent security research.