A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or modify license server data of an existing logged on session.
This vulnerability has been assigned the following CVE number:
• CVE-2019-13609: CRLF Vulnerability in License Server for Windows and VPX
This vulnerability affects the following Citrix License Server versions:
• Citrix License Server for Windows earlier than 22.214.171.124 Build 27000.
• Citrix License Server VPX all supported versions.