CVE-2020-7473
published 2020-05-07CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020…
PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
14.29%
96.2th percentile
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | sharefile | — | — |
| citrix | sharefile_storagezones_controller | <= 5.5.0 | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | sharefile_storagezones_controller | — | — |
| citrix | xenserver | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target unauthenticated access to ShareFile StorageZones Controller document/folder endpoints — exploitation is possible even on patched versions (5.10.x) if the storage zone was originally created under a vulnerable version (5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier) ↗
- →Monitor for unauthenticated HTTP requests to Citrix ShareFile StorageZones Controller endpoints that retrieve documents or folder listings — no session/auth token should be present in such requests ↗
- →Correlate CVE-2020-7473 detections with related CVE-2020-8982 (unauthenticated arbitrary file read) and CVE-2020-8983 (arbitrary file write / RCE) activity on the same StorageZones Controller host, as all three share the same exploitability condition and attack surface ↗
- ·Exploitability is determined by the version used to CREATE the storage zone, not the currently installed/running version. A fully patched 5.10.x controller remains exploitable if its storage zone was originally set up under version 5.9.0 or earlier. Version-based patch checks alone are insufficient to confirm remediation. ↗
- ·Both on-premise deployments and Citrix Cloud-hosted ShareFile instances are internet-facing and within scope for exploitation, per the related CVEs sharing the same root condition. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xqh7-34g2-j95q: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-8982 [HIGH] GHSA-xqh7-34g2-j95q: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983 but has essentially the same risk.
GHSA
GHSA-jjf5-33c4-34wr: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-8983 [HIGH] GHSA-jjf5-33c4-34wr: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982 but has essentially the same risk.
GHSA
GHSA-2p3q-x3x4-ww4x: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-7473 [HIGH] GHSA-2p3q-x3x4-ww4x: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
VulnCheck
Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2020·CVSS 7.5
CVE-2020-8982 [HIGH] Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Citrix ShareFile Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5
Citrix
CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of M
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-7473 [HIGH] CWE-22 CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of M
CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.
Citrix
CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-8983 [HIGH] CWE-22 CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x
CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473
Citrix
CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the mos
vendor_citrix·2020-05-07·CVSS 7.5
CVE-2020-8982 [HIGH] CWE-22 CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the mos
CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.
Citrix
Citrix Security Bulletin CTX269106
vendor_citrix·CVSS 7.5
CVE-2020-7473 [HIGH] Citrix Security Bulletin CTX269106
Citrix Security Bulletin CTX269106
CVE References: CVE-2020-7473, CVE-2020-8982, CVE-2020-8983, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-05-07
Published