NVD disclosure day

Published threat advisories for September 23, 2021

CVE advisory | Known Exploit

CVE-2021-22941

Citrix ShareFile Storage Zones Remote Compromise

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Citrix ShareFile storage zones controllers are affected by improper access control, enabling unauthenticated remote compromise. This presents a business risk of unauthorized data access and operational disruption. The vulnerability has been observed in ransomware campaigns.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-22017

VMware vCenter Server: Unauthorized Access Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in VMware vCenter Server allows unauthorized network access to internal endpoints by bypassing proxy controls. This impacts organizations by potentially exposing internal systems and data. Affected organizations face business risk due to unauthorized access.

• CISA KEV

CVE advisory | Known Exploit

CVE-2021-22005

VMware vCenter Server Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in VMware vCenter Server allows unauthorized network access to upload a malicious file, leading to code execution. This poses a significant risk to affected organizations, potentially compromising server integrity and availability. The vulnerability is exploitable via network access to port 443.

• CISA KEV