Vulnerabilities > Accellion > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-16 | CVE-2021-27101 | Unspecified vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. | 9.8 |
2021-02-16 | CVE-2021-27104 | OS Command Injection vulnerability in Accellion FTA 912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | 10.0 |
2010-02-19 | CVE-2009-4644 | OS Command Injection vulnerability in Accellion Secure File Transfer Appliance Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | 9.0 |
2010-02-19 | CVE-2009-4646 | Code Injection vulnerability in Accellion Secure File Transfer Appliance Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. | 9.0 |