From securityaffairs.com
Citrix ShareFile is a widely used cloud-based file-sharing application, which is affected by the critical remote code execution (RCE) tracked as CVE-2023-24489 (CVSS score of 9.1).
The flaw impacts the customer-managed ShareFile storage zones controller, an unauthenticated, remote attacker can trigger the flaw to compromise the controller by uploading arbitrary file or executing arbitrary code.
Citrix addressed the vulnerability in June 2023 with the release of version 5.11.24.
“A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.” the company said in an advisory. “This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24.”