Sharefile Storagezones Controller
CVE-2018-16968
LOW
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
AnalysisAI
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Affected products include: Citrix Sharefile Storagezones Controller. Version information: before 5.4.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones)
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacke
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, in
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Rated medium se
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today