Vulnerabilities in Citrix Licensing administration components.
Citrix Licensing Administration Console, formerly known as the License Management Console.
The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.
Citrix has been made aware of a number of vulnerabilities in a third-party component that is used by the Citrix Licensing administration console. These vulnerabilities could potentially allow an unauthorized user to gain access to some license administration functionality, and could also be used to conduct a denial of service against some licensing components.
In order to gain unauthorized access to the administrative interface, interaction from an authorized administrator is required. In a typical deployment, the affected components would not be widely exposed.
Citrix is currently working with the third party vendor to provide fixes for these vulnerabilities, and this bulletin will be updated when the fixes are available. Until these fixes are released, Citrix recommends that customers apply the following additional security measures to help mitigate these issues:
The license server should be configured so that only authorized administrators on a trusted network are able to access the Licensing Administration Console port. This can be achieved with an appropriately configured network or host-based firewall.When using the Licensing Administration Console, administrators should avoid visiting untrusted websites or clicking on untrusted URLs.
Technical Support Checklist - Software