CVE-2021-22891
published 2021-05-27

Priority: P262, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.08% (61.0th percentile)

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 that may allow unauthenticated remote compromise of the Storage Zones Controller.

Affected

6 ranges
Vendor  Product                            Version range        Fixed in
citrix  sharefile
citrix  sharefile_storagezones_controller  >= 5.10 < 5.10.1     5.10.1
citrix  sharefile_storagezones_controller  >= 5.11 < 5.11.18    5.11.18
citrix  sharefile_storagezones_controller  >= 5.7 < 5.7.3       5.7.3
citrix  sharefile_storagezones_controller  5.8 – 5.8.3
citrix  sharefile_storagezones_controller  >= 5.9 < 5.9.3       5.9.3

Detection & IOCs (extracted from sources)

  • Target product is Citrix ShareFile Storage Zones Controller; versions before 5.7.3, 5.8.3, 5.9.3, 5.10.1, and 5.11.18 are vulnerable to unauthenticated remote compromise via missing authorization
  • No specific exploit payloads, network indicators, or file-based IOCs are disclosed in the available sources. Detection should focus on anomalous unauthenticated requests to Citrix ShareFile Storage Zones Controller endpoints and version enumeration to identify unpatched instances (pre-5.7.3, 5.8.3, 5.9.3, 5.10.1, 5.11.18).

CVSS provenance

nvd  v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P