Citrix today fixed five vulnerabilities impacting multiple versions of on-premises Citrix Endpoint Management (CEM) instances, also known as XenMobile Server. Citrix pre-notified CERTs and customers with active maintenance support about these security vulnerabilities on July 23. Two of the vulnerabilities are rated critical severity and, collectively, they could allow unauthenticated attackers to gain admin control and take over XenMobile Servers following successful exploitation. The latest rolling patches for versions 10.10, 10.11 and 10.12 are available immediately and need to be applied.
Source: https://www.bleepingcomputer.com/news/security/citrix-fixes-critical-bugs-allowing-takeover-of-xenmobile-servers/