There is currently a ShareFile vulnerability that could affect on-premises or customer-managed storage zones controllers. It has been given the following vulnerability identifiers:


You will get a warning when you log in to ShareFile that looks like this:

What does this mean: If exploited, the vulnerability would allow an unauthenticated attacker to compromise the storage zones controller, potentially giving the attacker the ability to access ShareFile users’ documents and folders.

On-premises, partner-managed or customer-managed storage zones created using the following versions of the storage zones controller are affected:

ShareFile storage zones Controller 5.9.0
ShareFile storage zones Controller 5.8.0
ShareFile storage zones Controller 5.7.0
ShareFile StorageZones Controller 5.6.0
ShareFile StorageZones Controller 5.5.0
All earlier versions of ShareFile StorageZones Controller

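Simply upgrading the storage zones controller does not fix the issue, because what matters is the version the storage zone was created on, not the version the controller runs now. If you created your storage zone on one of the following versions, you are safe: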

Storage Zones Controller 5.10.0 and later 5.10 releases
Storage Zones Controller 5.9.1 and later 5.9 releases
Storage Zones Controller 5.8.1 and later 5.8 releases
Storage Zones Controller 5.7.1 and later 5.7 releases
ShareFile StorageZones Controller 5.6.1 and later 5.6 releases
ShareFile StorageZones Controller 5.5.1 and later 5.5 releases

What to do: Citrix has released a fix for the issue in CTX269341. There is no rollback procedure, and you must not try to revert any of the changes it makes, otherwise you will break the zone.

I did this update a few weeks ago and it was pretty seamless.
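
The version rule above, written as an added triage example (not Citrix's code and not part of the original post) for anyone managing several zones. The inventory records, zone names and the "not listed" status for versions the lists above do not mention are assumptions; the version a zone was created on has to come from your own deployment records.

```python
import re

# Branches from the lists above: a zone created on one of these branches is
# affected below the listed patch level (5.x.0) and safe at or above it (5.x.1).
FIXED_PATCH = {(5, 5): 1, (5, 6): 1, (5, 7): 1, (5, 8): 1, (5, 9): 1}

def parse_version(text):
    """Return (major, minor, patch) as integers from '5.9.0', '5.10', etc."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def creation_status(created):
    """Classify a zone by the controller version it was CREATED on."""
    major, minor, patch = parse_version(created)
    branch = (major, minor)   # compared numerically, so 5.10 sorts after 5.9
    if branch < (5, 5):
        return "affected"     # "all earlier versions"
    if branch in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[branch] else "not affected"
    if branch == (5, 10):
        return "not affected"
    return "not listed"       # assumption: the lists above do not cover it

def zones_needing_fix(inventory):
    """Zones that need the CTX269341 fix, whatever version they run today."""
    return [z["zone"] for z in inventory
            if creation_status(z["created"]) == "affected"]

# Constructed sample inventory (hypothetical zone names and versions).
SAMPLE_INVENTORY = [
    {"zone": "zone-a", "created": "5.9.0", "current": "5.10.0"},  # upgraded since
    {"zone": "zone-b", "created": "5.9.1", "current": "5.9.1"},
    {"zone": "zone-c", "created": "5.10.0", "current": "5.10.0"},
    {"zone": "zone-d", "created": "4.2.0", "current": "5.8.1"},   # upgraded since
]

if __name__ == "__main__":
    for z in SAMPLE_INVENTORY:
        print(z["zone"], "created", z["created"], "running", z["current"],
              "->", creation_status(z["created"]))
    print("Apply CTX269341 to:", zones_needing_fix(SAMPLE_INVENTORY))
```

The "current" field is deliberately ignored by the check: zone-a and zone-d are flagged even though they now run a fixed release.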