CVE-2021-22941

CRITICAL KEV RANSOMWARE

Citrix ShareFile <5.11.20 - Info Disclosure

Title source: llm

Description

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Exploits (3)

nomisec WORKING POC 14 stars

by hoav18 · poc

https://github.com/hoav18/CVE-2021-22941

View Code ZIP pw:eip

nomisec WORKING POC

by pratikjojode · poc

https://github.com/pratikjojode/citrix-cve-2021-22941-lab

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/hoavt184/cve-2021-22941

View Code ZIP pw:eip

References (2)

[Broken Link, Vendor Advisory] https://support.citrix.com/article/CTX328123

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22941

Scores

CVSS v3 9.8

EPSS 0.8780

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25

VulnCheck KEV 2022-03-07

InTheWild.io 2021-09-21

ENISA EUVD EUVD-2021-10070

Ransomware Use Confirmed

CWE

CWE-284

Status published

Products (1)

citrix/sharefile_storagezones_controller < 5.11.20

Published Sep 23, 2021

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026