Unauthenticated File Read Vulnerability in Citrix ShareFile StorageZones Controller
CVE-2020-8982

7.5HIGH

Key Information:

Vendor

Citrix
Status
Sharefile Storagezones Controller
Vendor
CVE Published:
7 May 2020

What is CVE-2020-8982?

An unauthenticated arbitrary file read vulnerability exists in Citrix ShareFile StorageZones Controller that affects all versions up to 5.10.x. The vulnerability allows attackers to gain unauthorized access to files hosted on both on-premises installations and Citrix Cloud. The exploitability of this vulnerability hinges on the version of the product used during the initial configuration of the storage zone. Specifically, it can be exploited if the storage zone was created using versions 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. Since the access is granted to everything hosted by ShareFile, organizations using this service must ensure their configurations are securely managed to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.citrix.com/article/CTX269106
x_refsource_CONFIRM
https://www.linkedin.com/posts/jonas-hansen-2a2606b_citri...
x_refsource_MISC
https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL...
x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.