Citrix Announces StoreFront Security Vulnerability

by Daniel Ruiz
Senior Solutions Architect

On September 8th 2020, Citrix announced a StoreFront Security Vulnerability. The vulnerability could allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

Citrix strongly recommends that customers running affected versions of Citrix StoreFront, both CR and LTSR versions, upgrade to a fixed version as soon as possible.

Affected Citrix StoreFront versions:

• Current Release (CR)
  • Citrix StoreFront before 1909

• Long Term Service Release (LTSR)
  • Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
  • Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
  • Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)

The issue has been addressed in the following Citrix StoreFront versions:

• Citrix StoreFront 1912 CU1 (1912.0.1000) and later versions of Citrix StoreFront 1912 LTSR
• Citrix StoreFront 3.0 for 7.6 LTSR CU8 Hotfix (3.0.8001) and later versions of StoreFront 3.0 for 7.6 LTSR
• Citrix StoreFront 3.12 for 7.15 LTSR CU5 Hotfix (3.12.5001) and later versions of StoreFront 3.12 for 7.15 LTSR

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.