CVE-2021-22941

Warnung

EPSS 88.62%
Veröffentlicht 23.09.2021 13:15:08
Zuletzt bearbeitet 13.03.2025 20:43:32
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Sharefile Storagezones Controller Version < 5.11.20

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix ShareFile Improper Access Control Vulnerability

Schwachstelle

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	88.62%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.citrix.com/article/CTX328123

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2021-22941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22941

EUVD