Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FB7821833FC47911B30B1D37E067A207
HistoryJul 16, 2015 - 12:00 a.m.

Accellion FTA getStatus command injection

2015-07-1600:00:00
SAINT Corporation
download.saintcorporation.com
14

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.957 High

EPSS

Percentile

99.4%

JSON

Added: 07/16/2015
CVE: CVE-2015-2857

Background

The Accellion File Transfer Appliance is a solution for secure file sharing.

Problem

A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the **oauth_token** parameter to the **getStatus** action.

Resolution

Apply software update FTA_9_11_210.

References

<https://www.exploit-db.com/exploits/37597/&gt;

Limitations

Exploit works on software version FTA_9_11_200.

Platforms

Linux

Related

cve 1
saint 3
checkpoint_advisories 1
prion 1
openvas 1
nvd 1
cvelist 1
packetstorm 1
zdt 1
nessus 2
metasploit 1
cve
cve
CVE-2015-2857
2017-08-22 15:29:00
saint
saint
Accellion FTA getStatus command injection
2015-07-16 00:00:00
Accellion FTA getStatus command injection
2015-07-16 00:00:00
Accellion FTA getStatus command injection
2015-07-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Accellion FTA getStatus verify_oauth_token Command Execution (CVE-2015-2857)
2016-09-25 00:00:00
prion
prion
Authentication flaw
2017-08-22 15:29:00
openvas
openvas
Accellion FTA RCE Vulnerability
2015-08-05 00:00:00
nvd
nvd
CVE-2015-2857
2017-08-22 15:29:00
cvelist
cvelist
CVE-2015-2857
2017-08-22 15:00:00
packetstorm
packetstorm
Accellion FTA getStatus verify_oauth_token Command Execution
2015-07-13 00:00:00
zdt
zdt
Accellion File Transfer appliance getStatus verify_oauth_token Command Execution Exploit
2015-07-13 00:00:00
nessus
nessus
Accellion Secure File Transfer Appliance 'statecode' Cookie Remote File Disclosure
2015-07-27 00:00:00
Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution
2015-07-27 00:00:00
metasploit
metasploit
Accellion FTA 'statecode' Cookie Arbitrary File Read
2015-07-08 18:42:11

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.957 High

EPSS

Percentile

99.4%

JSON
Related for SAINT:FB7821833FC47911B30B1D37E067A207
cve1saint3checkpoint_advisories1prion1openvas1nvd1cvelist1packetstorm1zdt1nessus2metasploit1