A vulnerability has been discovered in Citrix Workspace app for Mac, which, if exploited, may result in a session hijack of a user who is authenticated on cloud stores.
Affected Versions:
The following supported versions of Citrix Workspace app for Mac are affected by the vulnerability: Citrix Workspace app for Mac before 2409
Summary:
CVE ID: CVE-2024-7549
Description: Possible session hijack of a user who is authenticated on cloud store
Pre-requisites: Citrix Workspace app authenticated user using cloud store may be impacted when: Accessing SaaS/Web app OR Accessing CVAD apps or desktops using Custom Workspace URL
CWE: CWE-287: Improper Authentication
CVSS: CVSS v4.0 Base Score: 6.9 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
What Customers Should Do
Cloud Software Group strongly urges affected customers of Citrix Workspace app for Mac to install the relevant updated versions of Citrix Workspace app for Mac as soon as possible:
Due to a switch from GCM to the FCM protocol (Firebase Cloud Messaging HTTP Protocol), push is no longer possible for Android devices that were registered before July 20, 2024.
Affected users must re-enroll in order to receive push notifications again. There is no automatic migration path.
Migration of Android Devices registered via GCM to FCM
CTX Number: CTX691804
Article Type: Problem Solution
Created Date: 4/Oct/2024
Last Modified Date: 4/Oct/2024
Symptoms or Error
There is no automatic update from Azure Notification Hub or Google Push Notification Service to migrate Android clients from the FCM legacy protocol to the latest FCMv1 protocol. As a result, affected users will need to manually re-register their devices with NetScaler Gateway. Please refer to the "Re-register your Android device" section for detailed instructions on how to complete the re-registration.
Workaround: Users can fall back to the TOTP authentication method until their devices are re-registered.
Solution
This article describes how to migrate Android devices registered via the GCM registration template to the FCM registration template.
Android devices registered for the Push Notification Service before July 20, 2024, will no longer receive push notifications from September 20, 2024.
This change only affects Android devices registered with the NetScaler Push Solution and does not impact iPhone devices.
Android devices registered with the NetScaler solution on or after July 20, 2024, will not be affected by this change.
Re-register your Android device
Users are required to re-register their devices with NetScaler Gateway to enable push notification functionality. Please note that different organizations may have varying methods for accessing the registration FQDN. Therefore, affected users are advised to contact their respective administrators for assistance in reaching the correct registration FQDN. Below is a sample process for re-registration.