Contact Support

Customers who viewed this article also viewed

CTX322787 {{tooltipText}}

Citrix ShareFile storage zones controller security update

Applicable Products

  • ShareFile

Description of Problem

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. 

Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile storage zones controller configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue. 

Customers using Citrix ShareFile storage zones controller 5.10.1 and above or 5.11.18 and above can check if they are affected by this issue by viewing the EncryptionServiceSettings file in the StorageLocation. If IsEncryptionNeeded is set to True then the storage zones controller is affected by this issue. Affected customers using 5.11.19 or above who log-in to the ShareFile storage zones controller configuration page will also be presented with a pop-up which informs them that they are affected by this issue. 

CVE-ID 

Description 

Type 

Pre-requisites 

CVE-2021-22932 

File encryption is disabled after running CTX269106 mitigation tool 

CWE-312: Cleartext Storage of Sensitive Information 

Access to an affected customer-managed ShareFile storage zone 


What Customers Should Do

Customers who have previously run the CTX269106 mitigation tool are recommended to check if they are affected by this issue by following the steps above. Customers who are unsure if they have previously run the tool are also recommended to follow the steps above to check if they are affected by this issue. 

Citrix strongly recommends that affected customers address this issue as soon as possible by first upgrading to ShareFile storage zones controller 5.11.19 or later and then running the background encryption task to ensure that any files which were not encrypted due to this issue become encrypted. More information on this process is available at https://citrix.sharefile.com/d-s09aed5d7e9ad4e89b97be38162edd201.

The latest versions of Citrix ShareFile storage zones controller are available from the following Citrix website location: 

https://www.citrix.com/downloads/sharefile/ 


What Citrix is Doing

Citrix is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.

Subscribe to Receive Alerts

Citrix strongly recommends that all customers subscribe to receive alerts when a Citrix security bulletin is created or modified at https://support.citrix.com/user/alerts.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: https://www.citrix.com/about/trust-center/vulnerability-process.html.

Disclaimer

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.

Changelog

Date

Change

2021-08-10

Initial Publication