Citrix ShareFile has a remote code execution vulnerability [CVE-2023-24489]. By exploiting a seemingly innocuous cryptographic bug, an unauthenticated attacker can upload arbitrary files.
According to Citrix, more than 83% of their 2,800 customers had patched the vulnerability prior to its disclosure in June, and less than 3% of their install base was affected.
Bitsight research on this vulnerability is in progress. We will provide updates as more information becomes available.