Vulnerabilites related to citrix - sharefile_storagezones_controller
Vulnerability from fkie_nvd
Published
2020-05-07 14:15
Modified
2024-11-21 05:37
Severity ?
Summary
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.citrix.com/article/CTX269106 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX269106 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * | |
| citrix | sharefile_storagezones_controller | 5.6.0 | |
| citrix | sharefile_storagezones_controller | 5.7.0 | |
| citrix | sharefile_storagezones_controller | 5.8.0 | |
| citrix | sharefile_storagezones_controller | 5.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDF2EB6-BDE8-42F1-AE12-3370B3CBC053",
"versionEndIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C78467E3-DBB4-4C65-A80A-5482B95AD0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF1D87-DB8B-4F4A-9EDE-A73428734361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17B1B70C-376C-456A-A335-E23A0E922ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90EDDA18-9157-4408-9C8D-92B242312950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk."
},
{
"lang": "es",
"value": "En determinadas situaciones, todas las versiones del Controlador de Citrix ShareFile StorageZones (tambi\u00e9n se conoce como storage zones), incluidas las versiones 5.10.x m\u00e1s recientes a partir de Mayo de 2020, permiten a atacantes no autenticados acceder a los documentos y carpetas de los usuarios de ShareFile. NOTA: a diferencia de la mayor\u00eda de los CVE, la explotabilidad depende de la versi\u00f3n del producto que estaba en uso cuando un paso de configuraci\u00f3n particular fue realizado, NO de la versi\u00f3n del producto que est\u00e1 en uso durante una evaluaci\u00f3n actual del inventario de productos de un consumidor de CVE. Espec\u00edficamente, la vulnerabilidad puede ser explotada si una zona de almacenamiento fue creada por una de estas versiones del producto: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0 o anterior. Este CVE difiere de CVE-2020-8982 y CVE-2020-8983, pero tiene esencialmente el mismo riesgo."
}
],
"id": "CVE-2020-7473",
"lastModified": "2024-11-21T05:37:12.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-07T14:15:11.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-07 14:15
Modified
2024-11-21 05:39
Severity ?
Summary
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * | |
| citrix | sharefile_storagezones_controller | 5.6.0 | |
| citrix | sharefile_storagezones_controller | 5.7.0 | |
| citrix | sharefile_storagezones_controller | 5.8.0 | |
| citrix | sharefile_storagezones_controller | 5.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDF2EB6-BDE8-42F1-AE12-3370B3CBC053",
"versionEndIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C78467E3-DBB4-4C65-A80A-5482B95AD0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF1D87-DB8B-4F4A-9EDE-A73428734361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17B1B70C-376C-456A-A335-E23A0E922ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90EDDA18-9157-4408-9C8D-92B242312950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983."
},
{
"lang": "es",
"value": "Existe un problema de lectura de archivos arbitrarios no autenticado en todas las versiones del controlador Citrix ShareFile StorageZones (tambi\u00e9n conocido como zonas de almacenamiento), incluidas las versiones m\u00e1s recientes de 5.10.x a partir de mayo de 2020. Se otorga acceso a archivos y RCE a todo lo alojado por ShareFile, ya sea en- local o dentro de Citrix Cloud (ambos tienen conexi\u00f3n a internet). NOTA: a diferencia de la mayor\u00eda de los CVE, la capacidad de explotaci\u00f3n depende de la versi\u00f3n del producto que estaba en uso cuando se realiz\u00f3 un paso de configuraci\u00f3n particular, NO de la versi\u00f3n del producto que est\u00e1 en uso durante una evaluaci\u00f3n actual del inventario de productos de un consumidor de CVE. Espec\u00edficamente, la vulnerabilidad puede explotarse si una de estas versiones del producto cre\u00f3 una zona de almacenamiento: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0 o anterior. Este CVE difiere de CVE-2020-7473 y CVE-2020-8983."
}
],
"id": "CVE-2020-8982",
"lastModified": "2024-11-21T05:39:46.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-07T14:15:12.010",
"references": [
{
"source": "cve@mitre.org",
"url": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"source": "cve@mitre.org",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 19:15
Modified
2024-11-21 05:50
Severity ?
Summary
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX322787 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX322787 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F190E4-1385-45BB-B1A5-618B960322BE",
"versionEndExcluding": "5.11.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u201cEnable Encryption\u201d in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u201cEnable Encryption\u201d immediately after running the tool are unaffected by this issue."
},
{
"lang": "es",
"value": "Se ha identificado un problema en la herramienta de mitigaci\u00f3n CTX269106 para el controlador de zonas de almacenamiento de Citrix ShareFile que hace que la opci\u00f3n de cifrado de archivos de ShareFile se desactive si estaba previamente habilitada. Unos clientes s\u00f3lo est\u00e1n afectados por este problema si previamente seleccionaron \"Enable Encryption\" en la p\u00e1gina de configuraci\u00f3n de ShareFile y no volvieron a seleccionar esta configuraci\u00f3n despu\u00e9s de ejecutar la herramienta de mitigaci\u00f3n CTX269106. Unos clientes de ShareFile que no hayan ejecutado la herramienta de mitigaci\u00f3n CTX269106 o que hayan vuelto a seleccionar \"Enable Encryption\" inmediatamente despu\u00e9s de ejecutar la herramienta no se ver\u00e1n afectados por este problema."
}
],
"id": "CVE-2021-22932",
"lastModified": "2024-11-21T05:50:57.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T19:15:13.243",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX322787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX322787"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:53
Severity ?
Summary
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105377 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.citrix.com/article/CTX238022 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105377 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX238022 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8624AD-6DDB-4CF1-AEB0-08DB86EF1EB0",
"versionEndExcluding": "5.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal."
},
{
"lang": "es",
"value": "Citrix ShareFile StorageZones Controller en versiones anteriores a la 5.4.2 permite el salto de directorio."
}
],
"id": "CVE-2018-16968",
"lastModified": "2024-11-21T03:53:36.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T21:29:01.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX238022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 05:50
Severity ?
Summary
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX310780 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX310780 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB535EC0-5AB4-498E-AD8D-F3CA564A6CD6",
"versionEndExcluding": "5.7.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3873E77F-8680-43C8-921C-4B11453D023A",
"versionEndIncluding": "5.8.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E023DA-A414-4F32-93A5-83235C7FC670",
"versionEndExcluding": "5.9.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74129D0-F8B2-4A07-918F-2BB08332F08A",
"versionEndExcluding": "5.10.1",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC92E6C-D49A-438D-9007-C8039F63E1C5",
"versionEndExcluding": "5.11.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de falta de autorizaci\u00f3n en Citrix ShareFile Storage Zones Controller versiones anteriores a 5.7.3, 5.8.3, 5.9.3, 5.10.1 y 5.11.18, pueden permitir el compromiso remoto no autenticado del Storage Zones Controller"
}
],
"id": "CVE-2021-22891",
"lastModified": "2024-11-21T05:50:51.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T12:15:07.847",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX310780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX310780"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2025-02-04 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://support.citrix.com/article/CTX328123 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX328123 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Citrix ShareFile Improper Access Control Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CE40EA-439D-44DE-A9A1-40AB7D4FA6F1",
"versionEndExcluding": "5.11.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller."
},
{
"lang": "es",
"value": "Un control de acceso inapropiado en Citrix ShareFile storage zones controller versiones anteriores a 5.11.20, podr\u00eda permitir a un atacante no autenticado comprometer remotamente el controlador de zonas de almacenamiento"
}
],
"id": "CVE-2021-22941",
"lastModified": "2025-02-04T15:15:11.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-09-23T13:15:08.620",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX328123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX328123"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:53
Severity ?
Summary
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105377 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.citrix.com/article/CTX238022 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105377 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX238022 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8624AD-6DDB-4CF1-AEB0-08DB86EF1EB0",
"versionEndExcluding": "5.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message."
},
{
"lang": "es",
"value": "Citrix ShareFile StorageZones Controller en versiones anteriores a la 5.4.2 tiene una exposici\u00f3n de informaci\u00f3n mediante un mensaje de error."
}
],
"id": "CVE-2018-16969",
"lastModified": "2024-11-21T03:53:37.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T21:29:01.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX238022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-07 14:15
Modified
2024-11-21 05:39
Severity ?
Summary
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | sharefile_storagezones_controller | * | |
| citrix | sharefile_storagezones_controller | 5.6.0 | |
| citrix | sharefile_storagezones_controller | 5.7.0 | |
| citrix | sharefile_storagezones_controller | 5.8.0 | |
| citrix | sharefile_storagezones_controller | 5.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDF2EB6-BDE8-42F1-AE12-3370B3CBC053",
"versionEndIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C78467E3-DBB4-4C65-A80A-5482B95AD0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF1D87-DB8B-4F4A-9EDE-A73428734361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17B1B70C-376C-456A-A335-E23A0E922ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90EDDA18-9157-4408-9C8D-92B242312950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982."
},
{
"lang": "es",
"value": "Existe un problema de escritura arbitraria de archivos en todas las versiones del controlador Citrix ShareFile StorageZones (tambi\u00e9n conocido como zonas de almacenamiento), incluidas las versiones m\u00e1s recientes de 5.10.x a partir de mayo de 2020, que permite la ejecuci\u00f3n remota de c\u00f3digo. El acceso a archivos y RCE se otorga a todo lo alojado por ShareFile, ya sea en las instalaciones o dentro de Citrix Cloud (ambos est\u00e1n orientados a Internet). NOTA: a diferencia de la mayor\u00eda de los CVE, la capacidad de explotaci\u00f3n depende de la versi\u00f3n del producto que estaba en uso cuando se realiz\u00f3 un paso de configuraci\u00f3n particular, NO de la versi\u00f3n del producto que est\u00e1 en uso durante una evaluaci\u00f3n actual del inventario de productos de un consumidor de CVE. Espec\u00edficamente, la vulnerabilidad puede explotarse si una de estas versiones del producto cre\u00f3 una zona de almacenamiento: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0 o anterior. Este CVE difiere de CVE-2020-7473 y CVE-2020-8982."
}
],
"id": "CVE-2020-8983",
"lastModified": "2024-11-21T05:39:46.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-07T14:15:12.057",
"references": [
{
"source": "cve@mitre.org",
"url": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"source": "cve@mitre.org",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-22941
Vulnerability from cvelistv5
Published
2021-09-23 12:44
Modified
2025-02-04 14:43
Severity ?
EPSS score ?
Summary
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX328123 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ShareFile storage zones controller |
Version: 5.11.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX328123"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22941",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:43:28.928733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22941"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T14:43:39.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citrix ShareFile storage zones controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.11.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control - Generic (CWE-284)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:44:31.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX328123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ShareFile storage zones controller",
"version": {
"version_data": [
{
"version_value": "5.11.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX328123",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX328123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22941",
"datePublished": "2021-09-23T12:44:31.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2025-02-04T14:43:39.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16969
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105377 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX238022 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105377"
},
{
"name": "https://support.citrix.com/article/CTX238022",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX238022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16969",
"datePublished": "2018-09-26T21:00:00",
"dateReserved": "2018-09-12T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8982
Vulnerability from cvelistv5
Published
2020-05-07 13:55
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX269106 | x_refsource_CONFIRM | |
| https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/ | x_refsource_MISC | |
| https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T19:44:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX269106",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX269106"
},
{
"name": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/",
"refsource": "MISC",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
},
{
"name": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8982",
"datePublished": "2020-05-07T13:55:59",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7473
Vulnerability from cvelistv5
Published
2020-05-07 13:54
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX269106 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX269106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T13:54:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX269106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX269106",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX269106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7473",
"datePublished": "2020-05-07T13:54:24",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8983
Vulnerability from cvelistv5
Published
2020-05-07 13:57
Modified
2024-08-04 10:19
Severity ?
EPSS score ?
Summary
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:18.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T19:34:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX269106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer\u0027s product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX269106",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX269106"
},
{
"name": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FAocmQvMwT/view?usp=sharing"
},
{
"name": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/",
"refsource": "MISC",
"url": "https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8983",
"datePublished": "2020-05-07T13:57:03",
"dateReserved": "2020-02-13T00:00:00",
"dateUpdated": "2024-08-04T10:19:18.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22932
Vulnerability from cvelistv5
Published
2021-08-16 18:38
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX322787 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ShareFile Storage Zones Controller |
Version: Citrix ShareFile storage zones controller CTX269106 mitigation tool |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX322787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ShareFile Storage Zones Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix ShareFile storage zones controller CTX269106 mitigation tool"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u201cEnable Encryption\u201d in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u201cEnable Encryption\u201d immediately after running the tool are unaffected by this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "Missing Encryption of Sensitive Data (CWE-311)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T18:38:51",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX322787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ShareFile Storage Zones Controller",
"version": {
"version_data": [
{
"version_value": "Citrix ShareFile storage zones controller CTX269106 mitigation tool"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u201cEnable Encryption\u201d in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u201cEnable Encryption\u201d immediately after running the tool are unaffected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX322787",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX322787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22932",
"datePublished": "2021-08-16T18:38:51",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16968
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105377 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX238022 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX238022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105377"
},
{
"name": "https://support.citrix.com/article/CTX238022",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX238022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16968",
"datePublished": "2018-09-26T21:00:00",
"dateReserved": "2018-09-12T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22891
Vulnerability from cvelistv5
Published
2021-05-27 11:15
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.citrix.com/article/CTX310780 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Citrix ShareFile Storage Zones Controller |
Version: 5.7.3, 5.8.3, 5.9.3, 5.10.1, 5.11.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX310780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix ShareFile Storage Zones Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.7.3, 5.8.3, 5.9.3, 5.10.1, 5.11.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization (CWE-862)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-27T11:15:16",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX310780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix ShareFile Storage Zones Controller",
"version": {
"version_data": [
{
"version_value": "5.7.3, 5.8.3, 5.9.3, 5.10.1, 5.11.18"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization (CWE-862)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX310780",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX310780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22891",
"datePublished": "2021-05-27T11:15:16",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}