Vulnerabilities > Accellion
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-14 | CVE-2022-24110 | Unspecified vulnerability in Accellion Managed File Transfer Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. | 6.5 |
2021-06-23 | CVE-2021-31585 | Unspecified vulnerability in Accellion Kiteworks 7.3.0 Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | 6.7 |
2021-06-23 | CVE-2021-31586 | SQL Injection vulnerability in Accellion Kiteworks 7.3.0/7.3.1/7.3.2 Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | 8.8 |
2021-03-02 | CVE-2021-27730 | Injection vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. | 9.8 |
2021-03-02 | CVE-2021-27731 | Cross-site Scripting vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. | 6.1 |
2021-02-16 | CVE-2021-27104 | OS Command Injection vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | 9.8 |
2021-02-16 | CVE-2021-27103 | Server-Side Request Forgery (SSRF) vulnerability in Accellion FTA Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. | 9.8 |
2021-02-16 | CVE-2021-27102 | OS Command Injection vulnerability in Accellion FTA Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | 7.8 |
2021-02-16 | CVE-2021-27101 | Unspecified vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. | 9.8 |
2020-04-29 | CVE-2019-5623 | OS Command Injection vulnerability in Accellion File Transfer Appliance 80540 Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 9.8 |