Sharefile Storagezones Controller
CVE-2018-16969
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
AnalysisAI
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Affected products include: Citrix Sharefile Storagezones Controller. Version information: before 5.4.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones)
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacke
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, in
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Rated low severity (CVSS 3.1), this vu
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today