Citrix XenMobile Server Path Traversal
Description
Citrix Endpoint Management, aka XenMobile, is used for managing employee mobile devices and mobile applications.
A path traversal vulnerability exists in Citrix Endpoint Management. This vulnerability allows an unauthorized user to read arbitrary files, including configuration files containing passwords.
Remediation
Upgrade to the latest version of Citrix Endpoint Management (CEM), also referred to as XenMobile. The official patch removes the file /opt/sas/sw/tomcat/inst1/webapps/ROOT/jsp/help-sb-download.jsp.