CVE-2009-4648
Published 2010-02-19
CVE-2009-4648: Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo…
Priority P337, high, 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.82% (52.7th percentile)
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
| accellion | secure_file_transfer_appliance | — | — |
VulDB
Accellion Secure File Transfer Appliance 7 0 135 access control (EDB-33623 / XFDB-56248)
vuldb·2026-05-01·CVSS 7.2
CVE-2009-4648 [HIGH] Accellion Secure File Transfer Appliance 7 0 135 access control (EDB-33623 / XFDB-56248)
A vulnerability classified as problematic has been found in Accellion Secure File Transfer Appliance 7 0 135. Affected is an unknown function. Performing a manipulation results in improper access controls.
This vulnerability is reported as CVE-2009-4648. The attack requires a local approach. Moreover, an exploit is present.
It is recommended to upgrade the affected component.
GHSA
GHSA-4fqj-948j-w2qf: Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo
ghsa_unreviewed·2022-05-02
CVE-2009-4648 [HIGH] GHSA-4fqj-948j-w2qf: Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
No detection rules found.
No writeups or analysis indexed.
Published: 2010-02-19