Citrix is warning of the potential exploitation of a previously reported major security weakness in NetScaler ADC and Gateway equipment, which might expose sensitive data. The vulnerability, identified as CVE-2023-4966 (CVSS score: 9.4), affects the following supported versions -
Before 14.1-8.50, NetScaler ADC and NetScaler Gateway 14.1 were available. Before 13.1-49.15, NetScaler ADC and NetScaler Gateway 13.1 were available. Before 13.0-92.19, NetScaler ADC and NetScaler Gateway 13.0. NetScaler ADC and NetScaler Gateway 12.1 (since decommissioned). Prior to 13.1-37.164, NetScaler ADC 13.1-FIPS. Prior to 12.1-55.300, NetScaler ADC 12.1-FIPS and NetScaler ADC 12.1-NDcPP were available.