cvebase

Accellion FTA vulnerabilities

6 known vulnerabilities affecting accellion/fta.

Total CVEs: 6
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2021-27104 | P1 | CRITICAL | CVSS 9.8 | KEV | Ransomware | ≤ 9_12_370 | 2021-02-16
CWE-78: Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
Source: NVD

CVE-2021-27101 | P1 | CRITICAL | CVSS 9.8 | KEV | Ransomware | ≤ 9_12_370 | 2021-02-16
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
Source: NVD

CVE-2021-27103 | P1 | CRITICAL | CVSS 9.8 | KEV | Ransomware | fixed in 9_12_416 | 2021-02-16
CWE-918: Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
Source: NVD

CVE-2021-27102 | P1 | HIGH | CVSS 7.8 | KEV | Ransomware | ≤ 9_12_411 | 2021-02-16
CWE-78: Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
Source: NVD

CVE-2021-27730 | P3 | CRITICAL | CVSS 9.8 | ≤ 9_12_432 | 2021-03-02
CWE-74: Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
Source: NVD

CVE-2021-27731 | P4 | MEDIUM | CVSS 6.1 | ≤ 9_12_432 | 2021-03-02
CWE-79: Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
Source: NVD