CVE-2021-22941

CVE Database · CVE-2021-22941

CVE-2021-22941

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

53.59%

Published

Sep 23, 2021

Modified

Nov 3, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

TrickestTrickest PoC index GitHub PoChoav18/CVE-2021-22941★13 GitHub PoCpratikjojode/citrix-cve-2021-22941-lab★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-284

Affected Products (1)

citrix · sharefile_storagezones_controller (up to 5.11.20)vulnerable

References (3)

https://support.citrix.com/article/CTX328123

Broken LinkVendor Advisory

https://support.citrix.com/article/CTX328123

Broken LinkVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22941

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs