CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2857

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.854

EPSS Ranking 99.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html
http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth
https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857
https://www.exploit-db.com/exploits/37597/
http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html
http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth
https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857
https://www.exploit-db.com/exploits/37597/

Products affected by CVE-2015-2857

Accellion » File Transfer Appliance » Version: 8_0_540

cpe:2.3:a:accellion:file_transfer_appliance:8_0_540
Accellion » File Transfer Appliance » Version: 9_11_200

cpe:2.3:a:accellion:file_transfer_appliance:9_11_200

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2857

Products

Pricing

Contact Us