A vulnerability has been identified in Citrix Studio that could allow Access Policy rules to be set insecurely on the Citrix XenDesktop Delivery Controller.
This vulnerability affects the following product versions:
- Citrix XenDesktop 7.x between versions 7.0 and 7.6 inclusive, including 7.6 Long Term Service Release (LTSR)
- Citrix XenApp versions 7.5 and 7.6
Citrix Studio for Citrix XenApp and XenDesktop versions 7.7 and later are not affected by this vulnerability.
Citrix XenDesktop 5.6 and earlier, and Citrix XenApp 6.x and earlier, are not affected by this vulnerability.
This vulnerability has been assigned the following CVE number:
- CVE-2016-4810: Vulnerability in Citrix Studio Could Result in Insecure Access Policy Configuration.