Citrix ShareFile StorageZone Controller [CVE-2023-24489]

Ingrid

Citrix ShareFile has a remote code execution vulnerability [CVE-2023-24489]. By exploiting a seemingly innocuous cryptographic bug, an unauthenticated attacker can upload arbitrary files.

What To Do

Use the Product filter on the Companies List page in the Continuous Monitoring application to search for “ShareFile.” This returns companies that might use this product, based on firmographic data. The firmographic data is based on qualitative evidence, indicating potential product use.

Cross-check with information from your vendors/third parties to confirm whether they use the product and whether they use a version of the product known to be vulnerable.

Resources

Assetnote Pty. Ltd., “Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)”
Citrix Systems, Inc., “ShareFile StorageZones Controller Security Update for CVE-2023-24489”

August 21, 2023: Published.