BY USE CASE
Secure Distributed Work
Boost Productivity
BY INDUSTRY
Report a security issue
We welcome the input on the security posture of our products and services. Every report is reviewed and addressed by our security professional staff. To help route the reported issue to the correct team, please carefully review your options below.
Several resources are available to provide information on the security of Citrix products:
- Get general information on product security and compliance, including security-related product certifications.
- Review frequently asked security questions.
- Explore details on product security features and secure deployment options.
For more information, please contact Citrix Technical Support:
If you suspect abuse from any communication purporting to originate from Citrix, such as fraudulent contact, improper content, and insertion of fraudulent links or malware, please contact Citrix using the email link below.
If information is needed on the impact of a CVE on a Citrix product or service, please raise a support request through your normal Citrix support channel. Please include the Common Vulnerabilities and Exposures (CVE) reference, see the National Vulnerability Database or the relevant Citrix security bulletin article number when submitting the request.
If information is needed on the impact of a CVE on a Citrix product or service, please raise a support request through your normal Citrix support channel. Please include the Common Vulnerabilities and Exposures (CVE) reference, see the National Vulnerability Database or the relevant Citrix security bulletin article number when submitting the request.
For help analyzing the results of a security test, please raise a support request through your normal Citrix support channel where it will be reviewed by a dedicated team. Please include details on the specific versions and configuration of the products that were tested as well as details on how the test was conducted and the findings can be reproduced.
If you have identified a specific reproducible security vulnerability in a Citrix product or service, you may report it to the Citrix Security Response Team through the vulnerability response program.*
Submit a product vulnerability
Citrix also has a bug bounty program where security researchers are rewarded for finding bugs in certain Citrix services.
More information is available at https://hackerone.com/citrix.**
If you are using a Citrix-managed cloud service and suspect your data may have been compromised or if you observe inconsistency or inaccuracy in your data, please report it to Citrix as soon as possible.
* Citrix recommends that vulnerability reports are encrypted using the PGP public key (fingerprint: 99FE 91C1 51A0 F7D5 4839 6044 351D 173A 623E 751C). When submitting a finding, please include as much detail as possible to aid with reproduction, testing, and resolution. Download the PGP key
Citrix will treat all information received as confidential. Internal distribution is limited to those individuals who have a legitimate need to know and can actively assist in the resolution. Similarly, Citrix asks reporters to maintain strict confidentiality until complete resolutions are available for customers and have been published on the Citrix website.
** Only valid reports submitted through the bug bounty program will be eligible for a financial reward. The Citrix Security Response Team are unable to respond to questions about bug bounty scope or submissions, these should be directed to the bug bounty team at HackerOne.