Citrix issued a security warning (CVE-2020-7473, CVE-2020-8982, CVE-2020-8983) for its Content Collaboration (formerly Citrix ShareFile) product on 05.05.2020, asking customers to close the vulnerabilities as soon as possible.
The exact wording of the announcement can be found here. The vulnerability concerns ShareFile installations with Storage Zone Controllers in the customer's own data center (on-premises). It does not matter how up to date the software of the Storage Zone Controller is: the vulnerability was introduced by a vulnerable controller during the installation and creation of the zone.
If these vulnerabilities are exploited, an unauthenticated attacker could compromise the Storage Zone Controller and possibly gain access to the documents and folders of ShareFile users. According to Citrix, versions in the cloud have already been secured accordingly.
Therefore, all zones created by Storage Zone Controllers in the following versions are affected:
According to Citrix, the following versions are not affected (when used to create the zone):
Citrix provides a tool to close the above-mentioned vulnerability. It can be downloaded from the customer account. The exact procedure is described in this article, where all affected controllers are listed again.
As one of the largest Citrix partners, Bechtle offers all customers active support with the necessary remediation. You can register using the link below, and a Citrix Content Collaboration (formerly Citrix ShareFile) specialist will contact you immediately to carry out the necessary remediation steps.
We offer this to all companies and customers using Citrix Content Collaboration (Citrix ShareFile).