File Transfer Appliance
by Accellion
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4645 | | | 0.03 | — | 0.03 | | Feb 19, 2010 | Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. |
| CVE-2008-3850 | | | 0.03 | — | 0.01 | | Aug 27, 2008 | Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. |
| CVE-2019-5623 | | | 0.00 | — | 0.02 | | Apr 29, 2020 | Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). |
| CVE-2019-5622 | | | 0.00 | — | 0.01 | | Apr 29, 2020 | Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. |
| CVE-2009-4647 | | | 0.00 | — | 0.01 | | Feb 19, 2010 | Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs. |
| CVE-2009-4646 | | | 0.00 | — | 0.02 | | Feb 19, 2010 | Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. |
| CVE-2009-4644 | | | 0.00 | — | 0.02 | | Feb 19, 2010 | Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. |