CVE-2021-22891: 
Citrix ShareFile StorageZones Controller vulnerability analysis and mitigation

A critical missing authorization vulnerability (CVE-2021-22891) was discovered in Citrix ShareFile Storage Zones Controller affecting versions before 5.7.3, 5.8.3, 5.9.3, 5.10.1, and 5.11.18. The vulnerability was disclosed on April 27, 2021, and allows unauthenticated remote attackers to potentially compromise the Storage Zones Controller (NVD, CERT-FR).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited over the network with low attack complexity, requires no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability (NVD).

The vulnerability allows unauthenticated remote attackers to potentially achieve complete compromise of the Storage Zones Controller, affecting the confidentiality, integrity, and availability of the system (NVD).

Citrix has released security updates to address this vulnerability. Users should upgrade to versions 5.7.3, 5.8.3, 5.9.3, 5.10.1, or 5.11.18 or later depending on their current version (Citrix Advisory).

The vulnerability was considered critical by Citrix and received immediate attention from security organizations. The French national cybersecurity agency CERT-FR included this vulnerability in their security bulletin, highlighting its critical nature (CERT-FR).