Citrix and SAP issue warnings over critical security flaws

Citrix has addressed five vulnerabilities in its CEM solution

Citrix and SAP have released fixes for a new round of bugs in their software products and urged customers to apply them as soon as possible.

In a security update, Citrix said that it is patching five vulnerabilities in Citrix Endpoint Management (CEM), also known as the XenMobile enterprise mobility management solution, which enable customers to remotely connect to corporate networks using their mobile devices.

Attackers could use the bugs (indexed as CVE-2020-8208, -8209, -8210, -8211 and -8212) to gain control of a mobile server and steal sensitive information, the company said.

Positive Technologies' researcher Andrey Medov, who discovered one of the flaws during a security audit for a customer, warned that exploiting just one bug could allow an attacker to steal the credentials of a domain account for a corporate network. Following that, the attacker could attempt to target other resources like web applications and corporate mail.

According to Citrix, the following versions of CEM are affected by critical vulnerabilities:

While there are no reports of threat actors exploiting the bugs, the company said that it anticipates attackers will move quickly to do so.

The firm also advised customers to use a version prior to 10.9.x, or to immediately upgrade to a supported version (10.12 being the latest).

SAP also released its security update for August on Tuesday, urging users to immediately patch vulnerabilities in many of its products.

The company said it was updating its July 2020 Patch Day security note for a critical RECON bug, with a flaw that could allow an unauthenticated attacker to gain access to various folders in the directory structure.

The RECON bug, indexed as CVE-2020-6287, was publically disclosed last month. Pablo Artuso, the researcher who discovered the flaw, said that it affects the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, and affects more than 40,000 SAP customers.

The vulnerability could enable a remote, unauthenticated attacker to gain control of SAP applications and steal or alter data, after exploiting the flaw through the Hypertext Transfer Protocol (HTTP), he said.

"Because it resides in a common layer, it means that several SAP products are vulnerable — not only internet-facing products, but also ones that are highly connected with other SAP systems such as Solution Manager," Pablo Artuso warned.

The US Cybersecurity and Infrastructure Security Agency also advised admins to closely monitor their SAP NetWeaver AS for any anomalous activity.