9.12.370

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-02	CVE-2021-27730	Injection vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. network low complexity accellion CWE-74	7.5
2021-03-02	CVE-2021-27731	Cross-site Scripting vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. network accellion CWE-79	4.3
2021-02-16	CVE-2021-27104	OS Command Injection vulnerability in Accellion FTA 912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. network low complexity accellion CWE-78 critical	10.0
2021-02-16	CVE-2021-27103	Server-Side Request Forgery (SSRF) vulnerability in Accellion FTA 912370/912380/912411 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. network low complexity accellion CWE-918	7.5
2021-02-16	CVE-2021-27102	OS Command Injection vulnerability in Accellion FTA 912370/912380/912411 Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. local low complexity accellion CWE-78	7.2
2021-02-16	CVE-2021-27101	Unspecified vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. network low complexity accellion critical	9.8