Citrix Announces StoreFront Security Vulnerability

by Daniel Ruiz
Senior Solutions Architect

On September 8th 2020, Citrix announced a StoreFront Security Vulnerability. The vulnerability could allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

Citrix strongly recommends that customers running affected versions of Citrix StoreFront, both CR and LTSR versions, upgrade to a fixed version as soon as possible.

Affected Citrix StoreFront versions:

  • Current Release (CR)
    • Citrix StoreFront before 1909
  • Long Term Service Release (LTSR)
    • Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
    • Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
    • Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)

The issue has been addressed in the following Citrix StoreFront versions:

  • Citrix StoreFront 1912 CU1 (1912.0.1000) and later versions of Citrix StoreFront 1912 LTSR
  • Citrix StoreFront 3.0 for 7.6 LTSR CU8 Hotfix (3.0.8001) and later versions of StoreFront 3.0 for 7.6 LTSR
  • Citrix StoreFront 3.12 for 7.15 LTSR CU5 Hotfix (3.12.5001) and later versions of StoreFront 3.12 for 7.15 LTSR

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.

Thank you for sharing... Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin