Actively exploited vulnerability

CVE-2023-24489: Citrix Content Collaboration ShareFile Improper Access Control Vulnerability

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

CISA KEV source 16 Aug 2023 added 6 Sep 2023 remediation due

Affected product

Citrix · Content Collaboration

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-24489.

Bleeping Computer17 Aug 2023

CISA warns of critical Citrix ShareFile flaw exploited in the wild

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. [...]