An XML External Entity (XXE) processing vulnerability has been identified in Citrix StoreFront Server that could allow an unauthenticated attacker to retrieve potentially sensitive information from the server.

This vulnerability has been assigned the following CVE number:

• CVE-2019-13608: XML External Entity (XXE) Processing Vulnerability in Citrix StoreFront Server.

This vulnerability affects the following Citrix StoreFront Server versions:

• Citrix StoreFront Server earlier than 1903

• Citrix StoreFront Server 7.15 LTSR earlier than CU4 (3.12.4000)

• Citrix StoreFront Server 7.6 LTSR earlier than CU8 (3.0.8000)