CVE-2019-19781

Vulnerability Profile Updated 3 months ago
CVE-2019-19781, also known as the Citrix Directory Traversal Bug, is a directory traversal vulnerability in Citrix ADC. The flaw can allow an attacker to gain unauthorized access to sensitive data or even execute arbitrary code on the affected system. Despite its discovery over two years ago, the vulnerability has remained a significant threat and made the X-Force top 10 vulnerability list for 2021, which suggests that many systems remain unpatched and open to exploitation.

The cyber actor known as Gold Melody has been continuously exploiting this vulnerability, along with others such as the Microsoft Exchange remote code execution flaw (CVE-2020-0688). The actor has been linked to numerous attacks exploiting security flaws in various servers, including JBoss Messaging (CVE-2017-7504), Citrix ADC (CVE-2019-19781), Oracle WebLogic (CVE-2020-14750 and CVE-2020-14882), GitLab (CVE-2021-22205), Citrix ShareFile Storage Zones Controller (CVE-2021-22941), Atlassian Confluence (CVE-2021-26084), ForgeRock AM (CVE-2021-35464), and Apache Log4j (CVE-2021-44228).

The continued exploitation of CVE-2019-19781 underscores the importance of timely patching and proactive cybersecurity measures. Organizations are urged to apply patches for known vulnerabilities promptly and maintain robust security protocols to prevent potential breaches. As Gold Melody's activities demonstrate, failure to address these vulnerabilities can lead to severe consequences, including data breaches and ransomware attacks.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
citrix
Exploit
Vulnerability
Ransomware
Confluence
Esxi
CISA
netscaler
Cisco
Remote Code ...
flaw
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2020-0688 | Unspecified | 1 | CVE-2020-0688 is a significant vulnerability found in Microsoft Exchange Server, which pertains to memory corruption. This flaw allows for remote code execution by exploiting the fact that the application uses a static validationKey and decryptionKey (collectively known as the machineKey) by default |
| CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
| CVE-2020-14750 | Unspecified | 1 | None |
| CVE-2020-14882 | Unspecified | 1 | None |
| CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t |
| CVE-2021-22941 | Unspecified | 1 | CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec |
| CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta |
| CVE-2021-35464 | Unspecified | 1 | None |
| CVE-2017-7504 | Unspecified | 1 | CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors |
| Citrix Directory Traversal Bug Cve-2019-19781 | Unspecified | 1 | None |
| CVE-2024-20287 | Unspecified | 1 | None |
Source Document References
Information about the CVE-2019-19781 vulnerability was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 6 months ago | CVE-2024-20272: Critical Flaw in Cisco Unity Connection |
| MITRE | 7 months ago | Analyzing Attacker Behavior Post-Exploitation of MS Exchange \| Rapid7 Blog |
| SecurityIntelligence.com | 8 months ago | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 |
| CERT-EU | 9 months ago | Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) - Help Net Security |
| CERT-EU | 10 months ago | Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers |
| CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities \| Qualys Security Blog |
| CISA | a year ago | 2022 Top Routinely Exploited Vulnerabilities \| CISA |
| DARKReading | a year ago | Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway |
| MITRE | a year ago | Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets \| CISA |
| MITRE | a year ago | Ransomware 2020: Attack Trends Affecting Organizations Worldwide |
| MITRE | a year ago | Iran-Based Threat Actor Exploits VPN Vulnerabilities \| CISA |
| MITRE | a year ago | PIONEER KITTEN: Targets & Methods [Adversary Profile] |
| CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA |
| Recorded Future | a year ago | In Before The Lock: ESXi \| Recorded Future |