Unauthenticated File Read Vulnerability in Citrix ShareFile StorageZones Controller
CVE-2020-8982

7.5HIGH

Key Information:

Vendor
Citrix
Status
Sharefile Storagezones Controller
Vendor
CVE Published:
7 May 2020

Summary

An unauthenticated arbitrary file read vulnerability exists in Citrix ShareFile StorageZones Controller that affects all versions up to 5.10.x. The vulnerability allows attackers to gain unauthorized access to files hosted on both on-premises installations and Citrix Cloud. The exploitability of this vulnerability hinges on the version of the product used during the initial configuration of the storage zone. Specifically, it can be exploited if the storage zone was created using versions 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. Since the access is granted to everything hosted by ShareFile, organizations using this service must ensure their configurations are securely managed to mitigate potential risks.

References

https://support.citrix.com/article/CTX269106
x_refsource_CONFIRM
https://www.linkedin.com/posts/jonas-hansen-2a2606b_citri...
x_refsource_MISC
https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL...
x_refsource_MISC

EPSS Score

74% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.