Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability in Citrix’s Virtual Apps and Desktops. The exploit, discovered by watchTowr, can be carried out using only an HTTP request, handing an attacker system privileges on the vendor’s virtual desktop infrastructure (VDI) product.

Source: The Register