FrSIRT is reporting a serious remotely and locally exploitable vulnerability, Citrix Access Gateway Advanced Access Control LDAP Authentication Bypass, "which could be exploited by attackers to gain unauthorized access to a vulnerable application without supplying valid credentials.". At this time FrSIRT's links to Citrix are dead and I can't find any related information at Citrix.
UPDATE We were notified by Jerry that the FrSIRT links were working as of Saturday evening, September 16. Thanks Jerry.