CVE-2021-22941

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 06, 2021
Published Date: September 23, 2021
Last Updated: July 30, 2025
Vendor: n/a
Product: Citrix ShareFile storage zones controller
Description: Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-03-25 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2021-10-12 14:52:38 UTC) Source
Used in Malware: Yes (added 2022-03-25 00:00:00 UTC) Source

References

https://support.citrix.com/article/CTX328123

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

hoavt18/CVE-2021-22941

Type: github • Created: 2021-10-12 14:52:38 UTC • Stars: 14

Timeline

CVE ID Reserved

January 06, 2021
CVE Published to Public

September 23, 2021
Proof of Concept Exploit Available

October 12, 2021
Exploit Used in Malware

March 25, 2022
Added to KEVIntel

March 25, 2022