Description of Problem
A vulnerability has been discovered in Citrix Workspace app for Mac, which, if exploited, may result in a session hijack of a user who is authenticated on cloud stores.
Affected Versions
The following supported versions of Citrix Workspace app for Mac are affected by the vulnerability:
- Citrix Workspace app for Mac before 2409
Summary
CVD-ID | Description | Pre-Requisites | CWE | CVSS |
CVE-2024-7549 | Possible session hijack of a user who is authenticated on cloud store |
Citrix Workspace app authenticated user using cloud store may be impacted when: • Accessing SaaS/Web app OR • Accessing CVAD apps or desktops using Custom Workspace URL |
CWE-287: Improper Authentication | CVSS v4.0 Base Score: 6.9 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) |
What Customers Should Do
Cloud Software Group strongly urges affected customers of Citrix Workspace app for Mac to install the relevant updated versions of Citrix Workspace app for Mac as soon as possible:
- Citrix Workspace app for Mac 2409 and later
More information
https://support.citrix.com/s/article/CTX691484-citrix-workspace-app-for-mac-security-bulletin-for-cve20247549?language=en_US
For assistance from the Kraft Kennedy team, please contact us.