Accellion: Security Vulnerabilities
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-02-14

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.
CVSS Score: 6.7
EPSS Score: 0.002
Published: 2021-06-23

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2021-06-23

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-03-02

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-03-02

CVE-2021-27101
Known exploited
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
CVSS Score: 9.8
EPSS Score: 0.015
Published: 2021-02-16

CVE-2021-27102
Known exploited
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2021-02-16

CVE-2021-27103
Known exploited
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
CVSS Score: 9.8
EPSS Score: 0.055
Published: 2021-02-16

CVE-2021-27104
Known exploited
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
CVSS Score: 9.8
EPSS Score: 0.035
Published: 2021-02-16

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-04-29

