CVE-2021-22941

CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting security flaws in multiple servers, including Oracle WebLogic, GitLab, Atlassian Confluence, and Citrix ShareFile among others. Their exploitation of this particular vulnerability was first observed in early 2022. Previously in mid-2021, GOLD MELODY had exploited two Oracle WebLogic directory traversal RCE vulnerabilities (CVE-2020-14882 and CVE-2020-14750) for initial access. These actions are part of the group's established pattern of exploiting known vulnerabilities in internet-exposed servers as initial access vectors. They have targeted a variety of systems, including Oracle E-Business, WebLogic, Sitecor, Apache Struts, Log4j, JBoss MQ Java Message Service, and Citrix ShareFile. The exploitation of CVE-2021-22941 by GOLD MELODY underscores the importance of timely patching and security updates to prevent unauthorized access and potential damage. Organizations must remain vigilant and proactive in managing and mitigating software vulnerabilities to thwart such threat actors. Regular monitoring and updating of systems, coupled with robust cybersecurity measures, can help prevent the exploitation of such vulnerabilities.