cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-24489,https://securityvulnerability.io/vulnerability/CVE-2023-24489,Remote Compromise in Customer-Managed ShareFile Storage Zones Controller by Citrix,"A significant vulnerability has been identified in the customer-managed ShareFile Storage Zones Controller by Citrix. This vulnerability enables an unauthenticated attacker to potentially gain unauthorized remote access and compromise the system, posing serious security risks for users relying on this storage solution. It is essential for organizations using this product to apply the necessary mitigations and stay informed about updates.",Citrix,Citrix Sharefile Storage Zones Controller,9.8,CRITICAL,0.9722499847412109,true,2023-08-16T00:00:00.000Z,true,false,true,2023-08-16T00:00:00.000Z,true,false,false,,2023-07-10T22:15:00.000Z,0
CVE-2021-22941,https://securityvulnerability.io/vulnerability/CVE-2021-22941,Improper Access Control in Citrix ShareFile Storage Zones Controller,"Citrix ShareFile Storage Zones Controller versions prior to 5.11.20 are susceptible to an access control vulnerability, potentially allowing unauthorized attackers to compromise the system remotely. This issue may enable attackers to gain access to sensitive data stored within the storage zones controller, posing significant risks to data integrity and confidentiality.",Citrix,Citrix Sharefile Storage Zones Controller,9.8,CRITICAL,0.011859999969601631,true,2022-03-25T00:00:00.000Z,false,true,true,2021-10-12T14:52:38.000Z,true,false,false,,2021-09-23T12:44:31.000Z,0
CVE-2021-22932,https://securityvulnerability.io/vulnerability/CVE-2021-22932,Information Disclosure Vulnerability in Citrix ShareFile by Citrix,"An issue has been detected in the CTX269106 mitigation tool for the Citrix ShareFile storage zones controller, where the 'Enable Encryption' feature may inadvertently be disabled if previously selected. This affects users who have enabled encryption and subsequently run the mitigation tool without reactivating the setting. Users who either did not apply the mitigation tool or reactivated the encryption option after running it are not impacted. Proper attention to configuration settings is essential to maintain encryption and secure data.",Citrix,Citrix Sharefile Storage Zones Controller,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2021-08-16T18:38:51.000Z,0
CVE-2021-22891,https://securityvulnerability.io/vulnerability/CVE-2021-22891,Unauthorized Access in Citrix ShareFile Storage Zones Controller,"A significant vulnerability in Citrix ShareFile Storage Zones Controller allows unauthenticated remote access, potentially enabling attackers to compromise the system. Affected versions prior to 5.7.3 and specific updates face risks due to inadequate authorization checks, emphasizing the importance of user authentication for protecting sensitive data.",Citrix,Citrix Sharefile Storage Zones Controller,9.8,CRITICAL,0.0034600000362843275,false,,false,false,false,,,false,false,,2021-05-27T11:15:16.000Z,0
CVE-2020-8983,https://securityvulnerability.io/vulnerability/CVE-2020-8983,Arbitrary File Write Vulnerability in Citrix ShareFile StorageZones Controller,"An arbitrary file write vulnerability exists in the Citrix ShareFile StorageZones Controller, allowing potential remote code execution. This issue affects all versions, particularly those previously utilized for creating storage zones, including versions up to 5.9.0. The vulnerability can be exploited through setups created by earlier versions (5.5.0 and prior). This may expose sensitive data and system operations hosted on both on-premise infrastructure and Citrix Cloud, making it critical for users to audit and manage their deployed versions accordingly.",Citrix,Sharefile Storagezones Controller,7.5,HIGH,0.01907999999821186,false,,false,false,false,,,false,false,,2020-05-07T13:57:03.000Z,0
CVE-2020-8982,https://securityvulnerability.io/vulnerability/CVE-2020-8982,Unauthenticated File Read Vulnerability in Citrix ShareFile StorageZones Controller,"An unauthenticated arbitrary file read vulnerability exists in Citrix ShareFile StorageZones Controller that affects all versions up to 5.10.x. The vulnerability allows attackers to gain unauthorized access to files hosted on both on-premises installations and Citrix Cloud. The exploitability of this vulnerability hinges on the version of the product used during the initial configuration of the storage zone. Specifically, it can be exploited if the storage zone was created using versions 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. Since the access is granted to everything hosted by ShareFile, organizations using this service must ensure their configurations are securely managed to mitigate potential risks.",Citrix,Sharefile Storagezones Controller,7.5,HIGH,0.7497199773788452,false,,false,false,false,,,false,false,,2020-05-07T13:55:59.000Z,0
CVE-2020-7473,https://securityvulnerability.io/vulnerability/CVE-2020-7473,Access Vulnerability in Citrix ShareFile StorageZones Controller,"In Citrix ShareFile StorageZones Controller, all versions allow unauthenticated users to access sensitive documents and folders under specific circumstances. The exploit relies on previous setup steps performed with older product versions, particularly those from 5.9.0 to 5.5.0, which can compromise user data. This vulnerability poses significant security risks, enabling unauthorized access to user information and documents.",Citrix,Sharefile Storagezones Controller,7.5,HIGH,0.008299999870359898,false,,false,false,true,2020-04-17T18:48:38.000Z,true,false,false,,2020-05-07T13:54:24.000Z,0
CVE-2019-7218,https://securityvulnerability.io/vulnerability/CVE-2019-7218,Two-Factor Authentication Bypass in Citrix ShareFile by Citrix,"Citrix ShareFile prior to version 19.23 has a vulnerability that allows attackers to bypass two-factor authentication by leveraging offline access to the user's one-time password (OTP) token. If an attacker acquires either the physical OTP token or the virtual application such as Google Authenticator, they can skip the first phase of authentication (username and password) and directly log in using only the username and OTP. This poses a significant risk to user accounts and sensitive information stored within the application.",Citrix,Sharefile,5.9,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2019-05-13T18:19:19.000Z,0
CVE-2019-7217,https://securityvulnerability.io/vulnerability/CVE-2019-7217,User Enumeration Vulnerability in Citrix ShareFile by Citrix Systems,"A security vulnerability in Citrix ShareFile prior to version 19.12 allows attackers to perform user enumeration. This occurs when the application responds differently to OTP (One-Time Password) verification attempts based on whether the username exists. As a result, unauthorized individuals can potentially verify valid usernames without any authentication, posing a risk to user accounts and overall system security.",Citrix,Sharefile,7.5,HIGH,0.004370000213384628,false,,false,false,false,,,false,false,,2019-05-13T18:08:17.000Z,0
CVE-2018-16969,https://securityvulnerability.io/vulnerability/CVE-2018-16969,,Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.,Citrix,Sharefile Storagezones Controller,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-09-26T21:00:00.000Z,0
CVE-2018-16968,https://securityvulnerability.io/vulnerability/CVE-2018-16968,,Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.,Citrix,Sharefile Storagezones Controller,3.1,LOW,0.0006300000241026282,false,,false,false,false,,,false,false,,2018-09-26T21:00:00.000Z,0
CVE-2014-1910,https://securityvulnerability.io/vulnerability/CVE-2014-1910,,"Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",Citrix,"Sharefile Mobile For Tablets,Sharefile Mobile",,,0.0007999999797903001,false,,false,false,false,,,false,false,,2014-02-21T15:00:00.000Z,0