CVE-2021-22891
Published 2021-05-27
Priority P262 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.08% (61.0th percentile)
A missing authorization vulnerability in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | sharefile | — | — |
| citrix | sharefile_storagezones_controller | >= 5.10 < 5.10.1 | 5.10.1 |
| citrix | sharefile_storagezones_controller | >= 5.11 < 5.11.18 | 5.11.18 |
| citrix | sharefile_storagezones_controller | >= 5.7 < 5.7.3 | 5.7.3 |
| citrix | sharefile_storagezones_controller | 5.8 – 5.8.3 | — |
| citrix | sharefile_storagezones_controller | >= 5.9 < 5.9.3 | 5.9.3 |
Detection & IOCs (extracted from sources)
- Target product is Citrix ShareFile Storage Zones Controller; versions before 5.7.3, 5.8.3, 5.9.3, 5.10.1, and 5.11.18 are vulnerable to unauthenticated remote compromise via missing authorization.
- No specific exploit payloads, network indicators, or file-based IOCs are disclosed in the available sources. Detection should focus on anomalous unauthenticated requests to Citrix ShareFile Storage Zones Controller endpoints and version enumeration to identify unpatched instances (pre-5.7.3, 5.8.3, 5.9.3, 5.10.1, 5.11.18).
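CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |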
Citrix
vendor_citrix · 2021-05-27 · CVSS 9.8
CVE-2021-22891 [CRITICAL] CWE-862
GHSA
GHSA-8jfh-ph5c-r74h
ghsa_unreviewed · 2022-05-24
CVE-2021-22891 [CRITICAL] CWE-862
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-05-27