PT-2019-18469 · Citrix · Citrix Sharefile

Published

2019-05-13

Updated

2020-08-24

CVE-2019-7217

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix ShareFile versions prior to 19.12

Description The issue allows user enumeration, where it is possible to determine application usernames based on different server responses. This can be achieved by sending a request to check the otp code, and no authentication is required.

Recommendations For versions prior to 19.12, update to version 19.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the otp code check functionality to minimize the risk of exploitation.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2019-7217

Affected Products

Citrix Sharefile

PT-2019-18469 · Citrix · Citrix Sharefile

CVE-2019-7217

Weakness Enumeration

Related Identifiers

Affected Products

References · 3