6 matches found
CVE-2021-27104
CVE-2021-27104 (Accellion FTA) is an OS command execution vulnerability affecting Accellion File Transfer Appliance (FTA) versions 9_12_370 and earlier. It is exploitable via a crafted POST request to various admin endpoints, enabling an attacker to run OS commands on the device. The vulnerabilit...
CVE-2021-27101
CVE-2021-27101 is an SQL injection vulnerability in Accellion FTA (affects 9_12_370 and earlier) that can be triggered via a crafted HTTP Host header to document_root.html. Public sources confirm exploitation by threat actors, with attackers deploying a webshell on compromised devices and, in som...
CVE-2021-27102
CVE-2021-27102 is an OS command injection in Accellion FTA via a local web service call affecting 9_12_411 and earlier. Exploitation observed in incidents; fix available in FTA_9_12_416 and later. Remediation: patch to 9_12_416+ or migrate to a supported platform; isolate affected systems and app...
CVE-2021-27103
The CVE-2021-27103 issue affects Accellion FTA prior to FTA_9_12_416, where SSRF is triggered by a crafted POST to wmProgressstat.html. The connected documents provide concrete context: (1) vulnerability stems from server-side request forgery in the Accellion FTA web interface, (2) remediation is...
CVE-2021-27730
The CVE-2021-27730 issue concerns Accellion FTA (versions up to 9_12_432). It describes an argument injection vulnerability accessible via a crafted POST to an admin endpoint. A fix is available in version FTA_9_12_444 and later. Impact is noted in public metrics (e.g., CVSS) as high/critical dep...
CVE-2021-27731
Accellion FTA vulnerable to a stored XSS flaw (CVE-2021-27731) in 9_12_432 and earlier, triggered by a crafted POST to a user endpoint. The issue is mitigated in FTA_9_12_444 and later. Connected sources confirm the vulnerability type and the fixed version, and note that exploitation details or i...