VYPR

FTA

by Accellion

CVEs (8)

  • CVE-2021-27104CriKEVFeb 16, 2021
    risk 0.86cvss 9.8epss 0.57

    Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

  • CVE-2021-27103CriKEVFeb 16, 2021
    risk 0.83cvss 9.8epss 0.11

    Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

  • CVE-2021-27101CriKEVFeb 16, 2021
    risk 0.82cvss 9.8epss 0.06

    Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

  • CVE-2021-27102HigKEVFeb 16, 2021
    risk 0.69cvss 7.8epss 0.04

    Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

  • CVE-2021-27730CriMar 2, 2021
    risk 0.64cvss 9.8epss 0.01

    Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.

  • CVE-2019-5622CriApr 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

  • CVE-2021-27731MedMar 2, 2021
    risk 0.40cvss 6.1epss 0.01

    Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.

  • CVE-2016-9499MedJul 13, 2018
    risk 0.35cvss 5.3epss 0.08

    Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.