Citrix welcomes input on the security of its products and treats all security related queries seriously. The following sections provide guidance on the support options that are available to help resolve security related issues.
Secure product configuration and security compliance information
For general information on product security and compliance, including security related product certifications, please refer to the information available at: https://www.citrix.com/about/trust-center/privacy-compliance.html. Frequently asked security questions can be found at: https://www.citrix.com/about/trust- center/faqs.html If additional details are required on product security features or secure deployment options then please refer to the product documentation available at: https://www.citrix.com/about/trust-center/documentation.html or raise a support request through your normal Citrix support channel. For technical support options, please review the resources available at https://www.citrix.com/support.
Support on penetration test results or automated security tool output
For help analyzing the results of a product penetration test or any automated security tool output please raise a support request through your normal Citrix support channel. For technical support options, please review the resources available at https://www.citrix.com/support. Please ensure that the submission includes details on the specific versions and configuration of the products that were analysed and any available details on how the test was conducted. The report a security issue button on the Citrix Trust Center can also be used to open a support case.
Details on a previously disclosed security vulnerability or existing CVE
A list of published Citrix security bulletins is available at: https://support.citrix.com/securitybulletins/. If additional information is needed on any existing vulnerability then please raise a support request through your normal Citrix support channel. Please include the Common Vulnerabilities and Exposures (CVE) reference, see: https://nvd.nist.gov , or the relevant Citrix security bulletin article number when submitting the request. For technical support options, please review the resources available at https://www.citrix.com/support .The report a security issue button on the Citrix Trust Center can also be used to open a support case.
Reporting a product security vulnerability
If you have identified a specific reproducible security vulnerability in a Citrix product then please send the following information to the Citrix Security Response team:
1. Details on the specific vulnerability, including the detailed setup and reproduction steps used to demonstrate the issue.
2. The versions and any associated configuration details of the components that are thought to be impacted.
The above details should be sent to the Citrix security response team using the report a security issue button on the Citrix Trust Center site. Citrix recommends that vulnerability reports are encrypted using the PGP public key (fingerprint: 99FE 91C1 51A0 F7D5 4839 6044 351D 173A 623E 751C ) attached to this document.
Citrix Security Acknowledgements for indivduals who have worked with us to secure Citrix Products can be found at: https://support.citrix.com/article/CTX260942
Please note that the security response email address (email@example.com) should only be used to report specific security vulnerabilities as defined above; all other queries sent to this address may not be responded to.