VYPR

FTP server

by Accellion

CVEs (2)

  • CVE-2016-9500MedJul 13, 2018
    risk 0.40cvss 6.1epss 0.05

    Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.

  • CVE-2016-9499MedJul 13, 2018
    risk 0.35cvss 5.3epss 0.08

    Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.