CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance

On the evening of January 19th Citrix issued a permanent fix to a vulnerability they previously announced and to which a proof of concept exploit was subsequently made available.  This vulnerability affected Citrix customers who use their load balancers, including Ceridian.

In response to Citrix’s issue, Ceridian:

  • Worked with Citrix and followed all recommended steps, including applying their temporary mitigation;
  • Changed all load balancer passwords;
  • Rebuilt all load balancers with the permanent fix
  • Updated SSL certificates as a precautionary step

At this time, Ceridian has no evidence of access to, nor exfiltration or manipulation of Ceridian customer data as a result of this vulnerability.

Find anything about our product, search our documentation, and more. Enter a query in the search input above, and results will be displayed as you type.