CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-7473

HIGH
7.5
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile30.60th
Published2020年5月7日
Last Modified2024年11月21日

Vulnerability Description

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

Affected Platforms (CPE)

📦
Citrix

Sharefile Storagezones Controller

<= 5.5.0
📦
Citrix

Sharefile Storagezones Controller

= 5.6.0
📦
Citrix

Sharefile Storagezones Controller

= 5.7.0
📦
Citrix

Sharefile Storagezones Controller

= 5.8.0
📦
Citrix

Sharefile Storagezones Controller

= 5.9.0

References & Advisories

🔗 https://support.citrix.com/article/CTX269106
🔗 https://support.citrix.com/article/CTX269106

相關漏洞威脅

CVE-2020-89827.5

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controlle...

CVE-2020-89837.5

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including th...

CVE-2018-169694.3

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.

CVE-2018-169683.1

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.