{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-050.pdf"
    },
    "title": "Critical Vulnerability in Citrix ShareFile",
    "serial_number": "2021-050",
    "publish_date": "15-09-2021 08:22:00",
    "description": "On September 14, Citrix released a Security Bulletin to address a critical security issue identified in Citrix ShareFile storage zones controller. If the vulnerability identified as CVE-2021-22941 is exploited, it could allow an unauthenticated attacker to remotely compromise the storage zones controller.<br>Citrix recommends to upgrade the affected product as soon as possible.",
    "url_title": "2021-050",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Citrix ShareFile'\nversion: '1.0'\nnumber: '2021-050'\ndate: 'September 15, 2021'\n---\n\n_History:_\n\n* _15/09/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 14, Citrix released a Security Bulletin [1] to address a critical security issue identified in Citrix ShareFile storage zones controller. If the vulnerability identified as CVE-2021-22941 is exploited, it could allow an unauthenticated attacker to remotely compromise the storage zones controller [1].\n\nCitrix recommends to upgrade the affected product as soon as possible.\n\n# Technical Details\n\nThe vulnerability is tracked as CVE-2021-22941 and no technical details were shared by Citrix at the initial publication of the Security Bulletin.\n\n# Products Affected\n\nAll currently supported versions of Citrix ShareFile storage zones controller before 5.11.20 are affected by this issue.\n\n# Recommendations\n\nThis issue has been addressed in the following versions of Citrix ShareFile storage zones controller:\n\n- ShareFile storage zones controller 5.11.20 and later versions\n\nUpdate is available [1, 2]. CERT-EU recommends to update the affected product as soon as possible.\n\n# References\n\n[1] <https://support.citrix.com/article/CTX328123>\n\n[2] <https://www.citrix.com/downloads/sharefile/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/09/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 14, Citrix released a Security Bulletin [1] to address a critical security issue identified in Citrix ShareFile storage zones controller. If the vulnerability identified as CVE-2021-22941 is exploited, it could allow an unauthenticated attacker to remotely compromise the storage zones controller [1].</p><p>Citrix recommends to upgrade the affected product as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability is tracked as CVE-2021-22941 and no technical details were shared by Citrix at the initial publication of the Security Bulletin.</p><h2 id=\"products-affected\">Products Affected</h2><p>All currently supported versions of Citrix ShareFile storage zones controller before 5.11.20 are affected by this issue.</p><h2 id=\"recommendations\">Recommendations</h2><p>This issue has been addressed in the following versions of Citrix ShareFile storage zones controller:</p><ul><li>ShareFile storage zones controller 5.11.20 and later versions</li></ul><p>Update is available [1, 2]. CERT-EU recommends to update the affected product as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.citrix.com/article/CTX328123\">https://support.citrix.com/article/CTX328123</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.citrix.com/downloads/sharefile/\">https://www.citrix.com/downloads/sharefile/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}