The exact wording of the announcement can be found here. The gap concerns sharefile installations with Storage Zone Controllers in the own data center (on-premise). It does not matter how up-to-date the software of the Storage Zone Controller is - the gap was created by a vulnerable controller during the installation and creation of the zone.
If these vulnerabilities are exploited, an unauthenticated attacker could compromise the Storage Zone Controller and possibly allow it to access the documents and folders of ShareFile users. According to Citrix, versions in the cloud have already been secured accordingly.
Therefore, all zones created by Storage Zone Controllers in subsequent versions are affected:
- ShareFile Storage Zone Controller 5.9.0
- ShareFile Storage Zone Controller 5.8.0
- ShareFile Storage Zone Controller 5.7.0
- ShareFile Storage Zone Controller 5.6.0
- ShareFile Storage Zone Controller 5.5.0
- All earlier versions of the ShareFile Storage Zone Controller
According to Citrix, the following versions are not affected (used when creating the zone):
- ShareFile Storage Zone Controller 5.10.0 and later
- ShareFile Storage Zone Controller 5.9.1 and later
- ShareFile Storage Zone Controller 5.8.1 and later
- ShareFile Storage Zone Controller 5.7.1 and later
- ShareFile Storage Zone Controller 5.6.1 and later
- ShareFile Storage Zones Controller 5.5.1 and later
Citrix provides a tool to close the above mentioned gap. It can be downloaded from the customer account.
As one of the largest Citrix partners, Bechtle offers all customers active support in the necessary fault clearance. You can register using the link below and a Citrix Content Collaboration (formerly Citrix Sharefile) specialist will immediately contact you to carry out the necessary fault clearance procedures.
We offer this possibility for all companies and customers using Citrix Content Collaboration (Citrix Sharefile).
