Citrix Sharefile Storagezones Controller vulnerabilities

CVE-2021-22941 [CRITICAL] CWE-284 CVE-2021-22941: Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an una Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CVE-2021-22932 [HIGH] CWE-311 CVE-2021-22932: An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones con An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-

CVE-2021-22891 [CRITICAL] CWE-862 CVE-2021-22891: A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7 A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.

CVE-2020-7473 [HIGH] CWE-22 CVE-2020-7473: In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup

CVE-2020-8982 [HIGH] CVE-2020-8982: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploit

CVE-2020-8983 [HIGH] CVE-2020-8983: An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage z An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unli

CVE-2018-16969 [MEDIUM] CWE-200 CVE-2018-16969: Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Mess Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

CVE-2018-16968 [LOW] CWE-22 CVE-2018-16968: Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.