CVE-2021-22891

Published: May 27, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.

Affected (5)

Products: Citrix: Sharefile Storagezones Controller

Citrix

1 product

Sharefile Storagezones Controller

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Citrix Sharefile Storagezones Controller	From 5.10 to 5.10.1
Citrix Sharefile Storagezones Controller	From 5.11 to 5.11.18
Citrix Sharefile Storagezones Controller	From 5.7 to 5.7.3
Citrix Sharefile Storagezones Controller	From 5.8 to 5.8.3
Citrix Sharefile Storagezones Controller	From 5.9 to 5.9.3

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://support.citrix.com/article/CTX310780

Source: support@hackerone.com

PatchVendor Advisory

https://support.citrix.com/article/CTX310780

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.