CVE-2021-22932

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://support.citrix.com/article/CTX322787	Vendor Advisory
https://support.citrix.com/article/CTX322787	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:50

Type	Values Removed	Values Added
References	~~() https://support.citrix.com/article/CTX322787 - Vendor Advisory~~	() https://support.citrix.com/article/CTX322787 - Vendor Advisory

Information

Published : 2021-08-16 19:15

Updated : 2024-11-21 05:50

NVD link : CVE-2021-22932

Mitre link : CVE-2021-22932

CVE.ORG link : CVE-2021-22932

JSON object : View

Products Affected

citrix

sharefile_storagezones_controller

CWE

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2021-22932", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-16T19:15:13.243", "references": [{"url": "https://support.citrix.com/article/CTX322787", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.citrix.com/article/CTX322787", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected \u201cEnable Encryption\u201d in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected \u201cEnable Encryption\u201d immediately after running the tool are unaffected by this issue."}, {"lang": "es", "value": "Se ha identificado un problema en la herramienta de mitigaci\u00f3n CTX269106 para el controlador de zonas de almacenamiento de Citrix ShareFile que hace que la opci\u00f3n de cifrado de archivos de ShareFile se desactive si estaba previamente habilitada. Unos clientes s\u00f3lo est\u00e1n afectados por este problema si previamente seleccionaron \"Enable Encryption\" en la p\u00e1gina de configuraci\u00f3n de ShareFile y no volvieron a seleccionar esta configuraci\u00f3n despu\u00e9s de ejecutar la herramienta de mitigaci\u00f3n CTX269106. Unos clientes de ShareFile que no hayan ejecutado la herramienta de mitigaci\u00f3n CTX269106 o que hayan vuelto a seleccionar \"Enable Encryption\" inmediatamente despu\u00e9s de ejecutar la herramienta no se ver\u00e1n afectados por este problema."}], "lastModified": "2024-11-21T05:50:57.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F190E4-1385-45BB-B1A5-618B960322BE", "versionEndExcluding": "5.11.19"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}