FTA
by Accellion
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27104 | Cri | 0.86 | 9.8 | 0.57 | KEV | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | |
| CVE-2021-27103 | Cri | 0.83 | 9.8 | 0.11 | KEV | Feb 16, 2021 | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | |
| CVE-2021-27101 | Cri | 0.82 | 9.8 | 0.06 | KEV | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. | |
| CVE-2021-27102 | Hig | 0.69 | 7.8 | 0.04 | KEV | Feb 16, 2021 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | |
| CVE-2021-27730 | Cri | 0.64 | 9.8 | 0.01 | Mar 2, 2021 | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | ||
| CVE-2019-5622 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2020 | Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. | ||
| CVE-2021-27731 | Med | 0.40 | 6.1 | 0.01 | Mar 2, 2021 | Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. | ||
| CVE-2016-9499 | Med | 0.35 | 5.3 | 0.08 | Jul 13, 2018 | Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. |
- risk 0.86cvss 9.8epss 0.57
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
- risk 0.83cvss 9.8epss 0.11
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
- risk 0.82cvss 9.8epss 0.06
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
- risk 0.69cvss 7.8epss 0.04
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
- risk 0.64cvss 9.8epss 0.01
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
- risk 0.64cvss 9.8epss 0.01
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
- risk 0.40cvss 6.1epss 0.01
Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
- risk 0.35cvss 5.3epss 0.08
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.