Shodan
Vulnerabilities
Vulnerable Software
Accellion:  Security Vulnerabilities
CVE-2021-27103
Known exploited
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
CVSS Score
9.8
EPSS Score
0.114
Published
2021-02-16
CVE-2021-27104
Known exploited
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
CVSS Score
9.8
EPSS Score
0.567
Published
2021-02-16
CVE-2019-5622
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-04-29
CVE-2019-5623
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
CVSS Score
9.8
EPSS Score
0.016
Published
2020-04-29
CVE-2016-9499
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
CVSS Score
5.3
EPSS Score
0.078
Published
2018-07-13
CVE-2016-9500
Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.
CVSS Score
6.1
EPSS Score
0.054
Published
2018-07-13
CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
CVSS Score
6.5
EPSS Score
0.011
Published
2018-05-24
CVE-2015-2856
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
CVSS Score
7.5
EPSS Score
0.566
Published
2017-10-10
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CVSS Score
9.8
EPSS Score
0.842
Published
2017-08-22
CVE-2017-8303
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
CVSS Score
9.8
EPSS Score
0.242
Published
2017-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved