CVE-2021-22932: 
Citrix ShareFile StorageZones Controller vulnerability analysis and mitigation

An issue was identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller (CVE-2021-22932) that causes the ShareFile file encryption option to become disabled if it had previously been enabled. This vulnerability affects customers who previously selected "Enable Encryption" in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. Customers who have not run the CTX269106 mitigation tool or who re-selected "Enable Encryption" immediately after running the tool are unaffected (NVD).

The vulnerability is classified as Missing Encryption of Sensitive Data (CWE-311). It has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability could lead to exposure of sensitive data due to the encryption feature being inadvertently disabled. This primarily affects confidentiality of data stored in the ShareFile storage zones controller, as indicated by the CVSS metrics showing high impact on confidentiality but no impact on integrity or availability (NVD).

Users who have run the CTX269106 mitigation tool should verify their ShareFile encryption settings and re-enable encryption if necessary. The issue affects versions up to (excluding) 5.11.19 of the ShareFile StorageZones Controller. Users should update to version 5.11.19 or later to address this vulnerability (NVD).