CVE-2021-22941: 
Citrix ShareFile StorageZones Controller vulnerability analysis and mitigation

Citrix ShareFile storage zones controller before version 5.11.20 contains a critical vulnerability (CVE-2021-22941) that allows an unauthenticated attacker to remotely compromise the storage zones controller. The vulnerability was disclosed in September 2021 and was assigned a CVSS v3.1 base score of 9.8 (Critical) (NVD).

The vulnerability is an improper access control issue that allows path traversal through the uploadid parameter in HTTP GET requests. The flaw enables attackers to overwrite existing files on the target server. The vulnerability received a CVSS v3.1 base score of 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

Successful exploitation of this vulnerability allows an unauthenticated attacker to achieve remote code execution on the affected system, potentially leading to complete compromise of the storage zones controller. The vulnerability enables attackers to overwrite critical system files and execute arbitrary commands (CrowdStrike).

Organizations should upgrade their Citrix ShareFile storage zones controller to version 5.11.20 or later to address this vulnerability. The issue was added to CISA's Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch by April 15, 2022 (NVD).