Back in August 2016, we conducted a pentest on a Citrix infrastructure, which allowed us to find various critical vulnerabilities in Citrix Provisioning Services. We contacted Citrix Security Response Team to responsibly disclose these vulnerabilities back in September, and they quickly acknowledged the issues and worked on fix.

Today, Citrix released the CTX219580 security advisory containing the fixes for the five vulnerabilities.

It has to be noted that all the exchanges with the Citrix Security Response Team were very pleasant, and they provided us with regular updates about the correction status of the vulnerabilities.