de | English
IT Security May 6, 2020

Vulnerability in Citrix Sharefile – We help you.

Citrix issued a security warning (CVE-2020-7473, CVE-2020-8982, CVE-2020-8983) for its Content Collaboration (formerly Citrix Sharefile) product on 05.05.2020 with a request to close it as soon as possible.

Share article

Olaf Schäfer
Principal Consultant

The exact wording of the announcement can be found here. The gap concerns sharefile installations with Storage Zone Controllers in the own data center (on-premise). It does not matter how up-to-date the software of the Storage Zone Controller is - the gap was created by a vulnerable controller during the installation and creation of the zone.

 

If these vulnerabilities are exploited, an unauthenticated attacker could compromise the Storage Zone Controller and possibly allow it to access the documents and folders of ShareFile users. According to Citrix, versions in the cloud have already been secured accordingly.

 

Therefore, all zones created by Storage Zone Controllers in subsequent versions are affected:

  • ShareFile Storage Zone Controller 5.9.0
  • ShareFile Storage Zone Controller 5.8.0
  • ShareFile Storage Zone Controller 5.7.0
  • ShareFile Storage Zone Controller 5.6.0
  • ShareFile Storage Zone Controller 5.5.0
  • All earlier versions of the ShareFile Storage Zone Controller

According to Citrix, the following versions are not affected (used when creating the zone):

  • ShareFile Storage Zone Controller 5.10.0 and later
  • ShareFile Storage Zone Controller 5.9.1 and later
  • ShareFile Storage Zone Controller 5.8.1 and later
  • ShareFile Storage Zone Controller 5.7.1 and later
  • ShareFile Storage Zone Controller 5.6.1 and later
  • ShareFile Storage Zones Controller 5.5.1 and later

Citrix provides a tool to close the above mentioned gap. It can be downloaded from the customer account. The exact procedure is described in this article, where all affected controllers are listed again.

 

As one of the largest Citrix partners, Bechtle offers all customers active support in the necessary fault clearance. You can register using the link below and a Citrix Content Collaboration (formerly Citrix Sharefile) specialist will immediately contact you to carry out the necessary fault clearance procedures.

 

We offer this possibility for all companies and customers using Citrix Content Collaboration (Citrix Sharefile).

 

Get in touch with us