Citrix Sharefile
Known Exploited Citrix Sharefile Vulnerabilities
The following Citrix Sharefile vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Citrix ShareFile Improper Access Control Vulnerability | Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. CVE-2021-22941 | March 25, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in Citrix Sharefile . Sharefile did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 2 | 6.70 |
2018 | 0 | 0.00 |
It may take a day or so for new Sharefile vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Citrix Sharefile Security Vulnerabilities
Citrix ShareFile before 19.12 allows User Enumeration
CVE-2019-7217
7.5 - High
- May 13, 2019
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
Side Channel Attack
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication
CVE-2019-7218
5.9 - Medium
- May 13, 2019
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Citrix Sharefile or by Citrix? Click the Watch button to subscribe.