Citrix Sharefile vulnerabilities
11 known vulnerabilities affecting citrix/sharefile.
Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2021-22941 [CRITICAL] CVSS 9.8 | CWE-284 | KEV | 2021-09-23
CVE-2021-22941: Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
CISA KEV: Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated
citrix
CVE-2021-22932 [HIGH] CVSS 7.5 | CWE-311 | 2021-08-16
CVE-2021-22932: An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enab
citrix
CVE-2021-22891 [CRITICAL] CVSS 9.8 | CWE-862 | 2021-05-27
CVE-2021-22891: A missing authorization vulnerability in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.
citrix
CVE-2020-7473 [HIGH] CVSS 7.5 | CWE-22 | 2020-05-07
CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depen
citrix
CVE-2020-8983 [HIGH] CVSS 7.5 | CWE-22 | 2020-05-07
CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-prem
citrix
CVE-2020-8982 [HIGH] CVSS 7.5 | CWE-22 | PoC | 2020-05-07
CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix
citrix
CVE-2019-7217 [HIGH] CVSS 7.5 | CWE-203 | fixed in 19.12 | 2019-05-13
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
nvd, citrix
CVE-2019-7218 [MEDIUM] CVSS 5.9 | CWE-287 | ≤ 19.1 | 2019-05-13
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase
nvd, citrix
CVE-2018-16969 [MEDIUM] CVSS 4.3 | CWE-200 | 2018-09-26
CVE-2018-16969: Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
citrix
CVE-2018-16968 [LOW] CVSS 3.1 | CWE-22 | 2018-09-26
CVE-2018-16968: Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
citrix
CVE-2014-1910 [MEDIUM] CVSS 5.8 | CWE-310 | 2014-02-21
CVE-2014-1910: Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
citrix