CVE-2023-24489

Warnung

EPSS 94.39%
Veröffentlicht 10.07.2023 22:15:09
Zuletzt bearbeitet 13.03.2025 19:52:52
Quelle secure@citrix.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Sharefile Storage Zones Controller Version < 5.11.24

16.08.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability

Schwachstelle

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.39%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@citrix.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2023-24489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24489

EUVD