CVE-2021-22932

{"id": "CVE-2021-22932", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-16T19:15:13.243", "references": [{"url": "https://support.citrix.com/article/CTX322787", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u201cEnable Encryption\u201d in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u201cEnable Encryption\u201d immediately after running the tool are unaffected by this issue."}, {"lang": "es", "value": "Se ha identificado un problema en la herramienta de mitigaci\u00f3n CTX269106 para el controlador de zonas de almacenamiento de Citrix ShareFile que hace que la opci\u00f3n de cifrado de archivos de ShareFile se desactive si estaba previamente habilitada. Unos clientes s\u00f3lo est\u00e1n afectados por este problema si previamente seleccionaron \"Enable Encryption\" en la p\u00e1gina de configuraci\u00f3n de ShareFile y no volvieron a seleccionar esta configuraci\u00f3n despu\u00e9s de ejecutar la herramienta de mitigaci\u00f3n CTX269106. Unos clientes de ShareFile que no hayan ejecutado la herramienta de mitigaci\u00f3n CTX269106 o que hayan vuelto a seleccionar \"Enable Encryption\" inmediatamente despu\u00e9s de ejecutar la herramienta no se ver\u00e1n afectados por este problema."}], "lastModified": "2021-08-31T15:55:27.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F190E4-1385-45BB-B1A5-618B960322BE", "versionEndExcluding": "5.11.19"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}