- How many CVEs does Citrix have?
- Citrix has 460 published CVE records since 2000, including 22 in the last two years.
- How many Citrix CVEs are in CISA KEV?
- Yes — 24 of Citrix's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Citrix products have the most CVEs?
- The Citrix products with the most published CVEs are hypervisor, XenServer, NetScaler Gateway, netscaler_application_delivery_controller, netscaler gateway firmware.
- What are the most common weakness types in Citrix CVEs?
- Citrix's CVEs most often map to these CWE weakness types: CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-476 (NULL Pointer Dereference).
- Are there public exploits for Citrix vulnerabilities?
- Yes — 70 of Citrix's CVEs have a known public exploit.
- How many critical Citrix vulnerabilities are there?
- Citrix has 83 critical and 189 high-severity CVEs.
- What is the average severity of Citrix CVEs?
- The average CVSS base score across Citrix's scored CVEs is 7.1.