Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform.
The security advisory—about which The Hacker News learned from Dimitri van de Giessen, an ethical hacker and system engineer—is scheduled to be available publicly later today on the Citrix website.
Citrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other.
The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they’re when lost or stolen.
The newly identified security issues (CTX-CVE-2020-7473) specifically affect customer-managed on-premises Citrix ShareFile storage zone controllers, a component that stores corporate data behind the firewall.
The list of vulnerabilities are:
According to the…