
CVE-2021-22941

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 23 September 2021
Modified: 03 November 2025
KEV Added: 25 March 2022
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8849 (99.5th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-22941 is a critical-severity Improper Access Control (CWE-284) vulnerability in the Citrix ShareFile storage zones controller. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-17 (Remote Access).

Deeper analysis

CVE-2021-22941 is an improper access control vulnerability, tracked under CWE-284, that affects Citrix ShareFile storage zones controller versions prior to 5.11.20. The flaw resides in the storage zones controller component and carries a CVSS 3.1 base score of 9.8, reflecting a network-accessible attack with low complexity and no authentication or user interaction required.

An unauthenticated remote attacker can exploit the weakness to fully compromise the storage zones controller, obtaining unauthorized access that impacts the confidentiality, integrity, and availability of the affected system.

Citrix has published remediation guidance in article CTX328123, which addresses the affected storage zones controller releases. The vulnerability is also catalogued by CISA as actively exploited in the wild, confirming real-world attacks against unpatched deployments.


Vulnerability details

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CWE(s): CWE-284 (Improper Access Control)
KEV Date Added: 25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Citrix
Product: ShareFile storage zones controller
Versions: ≤ 5.11.20

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Directly enforces access control policies to block unauthenticated remote requests to the ShareFile storage zones controller.

AC-17 Remote Access (partial match, prevent)
Requires explicit authorization and connection restrictions for all remote access paths into the storage zones controller.

Boundary protection (prevent)
Applies boundary protections that deny unauthorized network traffic before it reaches the vulnerable controller component.
