all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)

Add to bookmarks
Nov. 1, 2023, 10:58 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is Citrix Content Collaboration?





Citrix Content Collaboration is a security-focused collaboration, content sharing and synchronization service from Citrix for the enterprise.








What is the Attack?





CVE-2023-24489 is a directory traversal vulnerability that affects Citrix Systems ShareFile StorageZones Controller prior to 5.11.24.




The vulnerability is due to improper validation of user input in the ProcessRawPostedFile function. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow an attacker to save …

access access control attack citrix collaboration control controller cve cve-2023-24489 directory directory traversal enterprise security service sharefile sharing storagezones synchronization systems validation vulnerability what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 11 hours ago | fortiguard.fortinet.com
actor arbitrary code can code +21
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 day, 10 hours ago | fortiguard.fortinet.com
access advisory application attackers +29
GitLab Password Reset Vulnerability (CVE-2023-7028) 5 days, 16 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 6 days, 16 hours ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 1 week ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 1 week, 6 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 1 week, 6 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 3 weeks, 1 day ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month ago | fortiguard.fortinet.com
attack code compression cve +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

XDR Detection Engineer

@ SentinelOne | Italy
View on infosec-jobs.com

Security Engineer L2

@ NTT DATA | A Coruña, Spain
View on infosec-jobs.com

Cyber Security Assurance Manager

@ Babcock | Portsmouth, GB, PO6 3EN
View on infosec-jobs.com

Senior Threat Intelligence Researcher

@ CloudSEK | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cybersecurity Analyst 1

@ Spry Methods | Washington, DC (Hybrid)
View on infosec-jobs.com

Security Infrastructure DevOps Engineering Manager

@ Apple | Austin, Texas, United States
View on infosec-jobs.com
View more jobs