Citrix ShareFile Vulnerabilities Expose User Files
Citrix this week announced that updates released for Citrix ShareFile storage zones controllers address several information disclosure vulnerabilities.
Storage zones controllers extend the ShareFile Software-as-a-Service cloud storage with private storage for ShareFile data, known as storage zones.
The recently patched vulnerabilities, Citrix says, were identified in customer-managed Citrix ShareFile storage zone controllers.
Three vulnerabilities received patches: CVE-2020-7473, CVE-2020-8982, and CVE-2020-8983. The affected products include ShareFile Storage Zones Controller versions 5.5.0 to 5.9.0, as well as all earlier versions of ShareFile StorageZones Controller.
Citrix addressed the issues in Storage Zones Controller 5.10.0 and later, 5.9.1 and later, 5.8.1 and later, and 5.7.1 and later, as well as in ShareFile StorageZones Controller 5.6.1 and later, and 5.5.1 and later.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-07 | CVE-2020-7473 | Path Traversal vulnerability in Citrix ShareFile StorageZones Controller. In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. | 7.5 |
2020-05-07 | CVE-2020-8982 | Path Traversal vulnerability in Citrix ShareFile StorageZones Controller. An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. | 7.5 |
2020-05-07 | CVE-2020-8983 | Path Traversal vulnerability in Citrix ShareFile StorageZones Controller. An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. | 7.5 |