Vulnerabilities > Accellion > Kiteworks > 7.3.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-23 CVE-2021-31586 SQL Injection vulnerability in Accellion Kiteworks 7.3.0/7.3.1/7.3.2
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
network
low complexity
accellion CWE-89
8.8
8.8
2018-05-24 CVE-2017-9421 Improper Authentication vulnerability in Accellion Kiteworks
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
network
low complexity
accellion CWE-287
6.5
6.5