Arbitrary File Write Vulnerability in Citrix ShareFile StorageZones Controller
CVE-2020-8983

7.5HIGH

Key Information:

Vendor
Citrix
Status
Sharefile Storagezones Controller
Vendor
CVE Published:
7 May 2020

Summary

An arbitrary file write vulnerability exists in the Citrix ShareFile StorageZones Controller, allowing potential remote code execution. This issue affects all versions, particularly those previously utilized for creating storage zones, including versions up to 5.9.0. The vulnerability can be exploited through setups created by earlier versions (5.5.0 and prior). This may expose sensitive data and system operations hosted on both on-premise infrastructure and Citrix Cloud, making it critical for users to audit and manage their deployed versions accordingly.

References

https://support.citrix.com/article/CTX269106
x_refsource_CONFIRM
https://drive.google.com/file/d/15iy6S8CN9Hku0a2zrcrXK9FA...
x_refsource_MISC
https://www.linkedin.com/posts/jonas-hansen-2a2606b_citri...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.