Lucene search
K

6 matches found

CVE
CVE
added 2021/02/16 8:16 p.m.1233 views

CVE-2021-27104

CVE-2021-27104 (Accellion FTA) is an OS command execution vulnerability affecting Accellion File Transfer Appliance (FTA) versions 9_12_370 and earlier. It is exploitable via a crafted POST request to various admin endpoints, enabling an attacker to run OS commands on the device. The vulnerabilit...

10CVSS9.4AI score0.56411EPSS
In wild
CVE
CVE
added 2021/02/16 8:2 p.m.1206 views

CVE-2021-27101

CVE-2021-27101 is an SQL injection vulnerability in Accellion FTA (affects 9_12_370 and earlier) that can be triggered via a crafted HTTP Host header to document_root.html. Public sources confirm exploitation by threat actors, with attackers deploying a webshell on compromised devices and, in som...

9.8CVSS9.6AI score0.05998EPSS
In wild
CVE
CVE
added 2021/02/16 8:7 p.m.1153 views

CVE-2021-27102

CVE-2021-27102 is an OS command injection in Accellion FTA via a local web service call affecting 9_12_411 and earlier. Exploitation observed in incidents; fix available in FTA_9_12_416 and later. Remediation: patch to 9_12_416+ or migrate to a supported platform; isolate affected systems and app...

7.8CVSS8.7AI score0.03624EPSS
In wild
CVE
CVE
added 2021/02/16 8:12 p.m.1133 views

CVE-2021-27103

The CVE-2021-27103 issue affects Accellion FTA prior to FTA_9_12_416, where SSRF is triggered by a crafted POST to wmProgressstat.html. The connected documents provide concrete context: (1) vulnerability stems from server-side request forgery in the Accellion FTA web interface, (2) remediation is...

9.8CVSS9.3AI score0.11315EPSS
In wild
CVE
CVE
added 2021/03/02 1:3 a.m.86 views

CVE-2021-27730

The CVE-2021-27730 issue concerns Accellion FTA (versions up to 9_12_432). It describes an argument injection vulnerability accessible via a crafted POST to an admin endpoint. A fix is available in version FTA_9_12_444 and later. Impact is noted in public metrics (e.g., CVSS) as high/critical dep...

9.8CVSS9.4AI score0.01414EPSS
CVE
CVE
added 2021/03/02 1:0 a.m.80 views

CVE-2021-27731

Accellion FTA vulnerable to a stored XSS flaw (CVE-2021-27731) in 9_12_432 and earlier, triggered by a crafted POST to a user endpoint. The issue is mitigated in FTA_9_12_444 and later. Connected sources confirm the vulnerability type and the fixed version, and note that exploitation details or i...

6.1CVSS6.4AI score0.00721EPSS