CVE-2023-24489

unknown KEV

Published 2023-08-16 · Modified 2023-08-16

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

CISA KEV

Vendor: Citrix
Product: Content Collaboration
Due date: 2023-09-06

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489; https://nvd.nist.gov/vuln/detail/CVE-2023-24489

Exploits

References

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489; https://nvd.nist.gov/vuln/detail/CVE-2023-24489

Verify integrity in audit chain (admin only). AS-IS.