Vulnerability Details : CVE-2021-22932
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.
Products affected by CVE-2021-22932
- cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22932
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22932
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-22932
-
The product does not encrypt sensitive or critical information before storage or transmission.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2021-22932
-
https://support.citrix.com/article/CTX322787
Citrix ShareFile storage zones controller security updateVendor Advisory
Jump to