Description of Problem
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled.
Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile storage zones controller configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue.
Customers using Citrix ShareFile storage zones controller 5.10.1 and above or 5.11.18 and above can check if they are affected by this issue by viewing the EncryptionServiceSettings file in the StorageLocation. If IsEncryptionNeeded is set to True then the storage zones controller is affected by this issue. Affected customers using 5.11.19 or above who log-in to the ShareFile storage zones controller configuration page will also be presented with a pop-up which informs them that they are affected by this issue.
|
CVE-ID |
Description |
Type |
Pre-requisites |
|
CVE-2021-22932 |
File encryption is disabled after running CTX269106 mitigation tool |
CWE-312: Cleartext Storage of Sensitive Information |
Access to an affected customer-managed ShareFile storage zone |
What Customers Should Do
Customers who have previously run the CTX269106 mitigation tool are recommended to check if they are affected by this issue by following the steps above. Customers who are unsure if they have previously run the tool are also recommended to follow the steps above to check if they are affected by this issue.
Citrix strongly recommends that affected customers address this issue as soon as possible by first upgrading to ShareFile storage zones controller 5.11.19 or later and then running the background encryption task to ensure that any files which were not encrypted due to this issue become encrypted. More information on this process is available at https://citrix.sharefile.com/d-s09aed5d7e9ad4e89b97be38162edd201.
The latest versions of Citrix ShareFile storage zones controller are available from the following Citrix website location:
What Citrix is Doing
Obtaining Support on This Issue
Subscribe to Receive Alerts
Reporting Security Vulnerabilities to Citrix
Disclaimer
Changelog
| Date |
Change |
| 2021-08-10 |
Initial Publication |