CVE-2019-7217 — Observable Discrepancy in Citrix Sharefile

CWE-203 — Observable Discrepancy3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Sharefile

Timeline

PublishedMay 13

Latest updateMay 24

Description

Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcitrix/sharefile< 19.12

▶citrixcitrix/sharefile

🔴Vulnerability Details

GHSA

GHSA-jg7x-2whq-4cvh: Citrix ShareFile through 19↗2022-05-24

▶

📋Vendor Advisories

Citrix

CVE-2019-7217: Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the↗2019-05-13

▶