漏洞标题
N/A
漏洞描述信息
"所有 Citrix ShareFile StorageZones(也称为存储区)控制器版本都存在一个任意文件写入问题,包括2020年5月最新的 5.10.x 发布,允许远程代码执行。对于由 ShareFile 托管的所有事物,包括在本地或 Citrix 云内部( both are internet facing),都 granted RCE 和文件访问。注意:与大多数 CVE(安全漏洞)不同,可利用性取决于执行特定配置步骤时正在使用的产品质量版本,而不是当前 CVE 消费者产品库存评估时正在使用的产品质量版本。具体而言,如果这些产品质量版本之一创建了存储区:5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0 或更早,那么这个漏洞可以被利用。这个 CVE 与 CVE-2020-7473 和 CVE-2020-8982 不同。"
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Citrix Systems Citrix ShareFile storage zones Controller 路径遍历漏洞
漏洞描述信息
Citrix Systems Citrix ShareFile是美国思杰系统(Citrix Systems)公司的一套文件共享解决方案。storage zones Controller是其中的一个存储区控制器。 Citrix Systems Citrix ShareFile storage zones Controller中存在路径遍历漏洞。攻击者可利用该漏洞访问ShareFile用户的文档和文件夹。以下产品及版本受到影响:Citrix ShareFile storage zones Controller
CVSS信息
N/A
漏洞类别
路径遍历