CVE-2023-24489

Warning

EPSS 94.39%
Published 10.07.2023 22:15:09
Last modified 13.03.2025 19:52:52
Source secure@citrix.com
Teams watchlist Login
Open Login

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Affected products Warnungen 1 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Sharefile Storage Zones Controller Version < 5.11.24

16.08.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability

Vulnerability

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.39%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@citrix.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2023-24489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24489

EUVD