by Daniel Ruiz
Senior Solutions Architect
On September 8th 2020, Citrix announced a StoreFront Security Vulnerability. The vulnerability could allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Citrix strongly recommends that customers running affected versions of Citrix StoreFront, both CR and LTSR versions, upgrade to a fixed version as soon as possible.
Affected Citrix StoreFront versions:
- Current Release (CR)
- Citrix StoreFront before 1909
- Long Term Service Release (LTSR)
- Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
- Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
- Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)
The issue has been addressed in the following Citrix StoreFront versions:
- Citrix StoreFront 1912 CU1 (1912.0.1000) and later versions of Citrix StoreFront 1912 LTSR
- Citrix StoreFront 3.0 for 7.6 LTSR CU8 Hotfix (3.0.8001) and later versions of StoreFront 3.0 for 7.6 LTSR
- Citrix StoreFront 3.12 for 7.15 LTSR CU5 Hotfix (3.12.5001) and later versions of StoreFront 3.12 for 7.15 LTSR
If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.