CVE-2020-7473

HIGH

Citrix Sharefile Storagezones Controller < 5.5.0 - Path Traversal

Title source: rule

Description

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk.

Exploits (1)

nomisec SCANNER 6 stars

by DimitriNL · poc

https://github.com/DimitriNL/CTX-CVE-2020-7473

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://support.citrix.com/article/CTX269106

Scores

CVSS v3 7.5

EPSS 0.6710

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (5)

citrix/sharefile_storagezones_controller 5.6.0

citrix/sharefile_storagezones_controller 5.7.0

citrix/sharefile_storagezones_controller 5.8.0

citrix/sharefile_storagezones_controller 5.9.0

citrix/sharefile_storagezones_controller < 5.5.0

Published May 07, 2020

Tracked Since Feb 18, 2026