Vulnerabilities > Accellion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2022-24110 | Unspecified vulnerability in Accellion Managed File Transfer Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. | 6.5 |
| 2021-06-23 | CVE-2021-31585 | Unspecified vulnerability in Accellion Kiteworks 7.3.0 Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | 4.6 |
| 2021-06-23 | CVE-2021-31586 | SQL Injection vulnerability in Accellion Kiteworks Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | 6.5 |
| 2021-03-02 | CVE-2021-27730 | Injection vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. | 7.5 |
| 2021-03-02 | CVE-2021-27731 | Cross-site Scripting vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. | 4.3 |
| 2021-02-16 | CVE-2021-27104 | OS Command Injection vulnerability in Accellion FTA 912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | 10.0 |
| 2021-02-16 | CVE-2021-27103 | Server-Side Request Forgery (SSRF) vulnerability in Accellion FTA 912370/912380/912411 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. | 7.5 |
| 2021-02-16 | CVE-2021-27102 | OS Command Injection vulnerability in Accellion FTA 912370/912380/912411 Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | 7.2 |
| 2021-02-16 | CVE-2021-27101 | Unspecified vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. | 9.8 |
| 2020-04-29 | CVE-2019-5623 | OS Command Injection vulnerability in Accellion File Transfer Appliance 80540 Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 7.5 |