CVE-2021-22941

Warning

EPSS 88.62%
Published 23.09.2021 13:15:08
Last modified 13.03.2025 20:43:32
Source support@hackerone.com
Teams watchlist Login
Open Login

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Sharefile Storagezones Controller Version < 5.11.20

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix ShareFile Improper Access Control Vulnerability

Vulnerability

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	88.62%	0.995

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.citrix.com/article/CTX328123

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2021-22941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22941

EUVD