RSS   Vulnerabilities for 'FTA'   RSS

2021-03-02
 
CVE-2021-27731

CWE-79
 

 
Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.

 
 
CVE-2021-27730

CWE-74
 

 
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.

 
2021-02-16
 
CVE-2021-27104

CWE-78
 

 
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

 
 
CVE-2021-27103

CWE-918
 

 
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

 
 
CVE-2021-27102

CWE-78
 

 
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

 
 
CVE-2021-27101

CWE-89
 

 
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

 

 >>> Vendor: Accellion 5 Products
Secure file transfer appliance
File transfer appliance
Kiteworks appliance
FTA
Kiteworks


Copyright 2021, cxsecurity.com

 

Back to Top