---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in Citrix ShareFile'
version: '1.0'
number: '2021-050'
date: 'September 15, 2021'
---

_History:_

* _15/09/2021 --- v1.0 -- Initial publication_

# Summary

On September 14, Citrix released a Security Bulletin [1] to address a critical security issue identified in Citrix ShareFile storage zones controller. If the vulnerability identified as CVE-2021-22941 is exploited, it could allow an unauthenticated attacker to remotely compromise the storage zones controller [1].

Citrix recommends to upgrade the affected product as soon as possible.

# Technical Details

The vulnerability is tracked as CVE-2021-22941 and no technical details were shared by Citrix at the initial publication of the Security Bulletin.

# Products Affected

All currently supported versions of Citrix ShareFile storage zones controller before 5.11.20 are affected by this issue.

# Recommendations

This issue has been addressed in the following versions of Citrix ShareFile storage zones controller:

- ShareFile storage zones controller 5.11.20 and later versions

Update is available [1, 2]. CERT-EU recommends to update the affected product as soon as possible.

# References

[1] <https://support.citrix.com/article/CTX328123>

[2] <https://www.citrix.com/downloads/sharefile/>