812 Total Results
Displaying 61-70 of 812
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1
Attacker Value
High

CVE-2019-0232

Disclosure Date: April 15, 2019 (last updated December 09, 2023)
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
2
Attacker Value
Moderate

Exim EHLO crash bug

Disclosure Date: September 27, 2019 (last updated February 21, 2020)
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
0
Attacker Value
Very Low

CVE-2024-31077

Disclosure Date: April 23, 2024 (last updated April 23, 2024)
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.
1
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1
Attacker Value
High

CVE-2021-2394

Disclosure Date: July 21, 2021 (last updated November 28, 2024)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
4
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1
Attacker Value
Unknown
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).
1