CISA https://www.cisa.gov/news-events/alerts/2023/08/16/cisa-adds-one-known-exploited-vulnerability-catalog to the Known Exploited Vulnerabilities Catalog in August 2023. https://nvd.nist.gov/vuln/detail/CVE-2023-24489 is an access control vulnerability impacting the use of Citrix ShareFile StorageZones Controller version 5.11.24 and below.
While ShareFile primarily offers a cloud-based file-sharing application, there are some features that accommodate data storage through the use of a storage zone controller.
For impacted versions of customer-managed ShareFile storage zones controller, malicious attackers can compromise the system by uploading a webshell that would enable them to gain access to sensitive information held in private data storage.
CVE-2023-24489 follows two previous critical vulnerabilities that impacted the Citrix ShareFile storage zones controller in 2021.