Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-14	CVE-2022-24110	Unspecified vulnerability in Accellion Managed File Transfer Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. network low complexity accellion	6.5
2021-06-23	CVE-2021-31585	Unspecified vulnerability in Accellion Kiteworks 7.3.0 Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. local low complexity accellion	4.6
2021-06-23	CVE-2021-31586	SQL Injection vulnerability in Accellion Kiteworks Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. network low complexity accellion CWE-89	6.5
2021-03-02	CVE-2021-27731	Cross-site Scripting vulnerability in Accellion FTA Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. network accellion CWE-79	4.3
2018-07-13	CVE-2016-9500	Cross-site Scripting vulnerability in Accellion FTP Server Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. network accellion CWE-79	4.3
2018-07-13	CVE-2016-9499	Information Exposure vulnerability in Accellion FTP Server Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. network low complexity accellion CWE-200	5.0
2018-05-24	CVE-2017-9421	Improper Authentication vulnerability in Accellion Kiteworks Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. network low complexity accellion CWE-287	6.4
2017-10-10	CVE-2015-2856	Path Traversal vulnerability in Accellion File Transfer Appliance 80540/912180 Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. network low complexity accellion CWE-22	5.0
2017-05-05	CVE-2017-8795	Cross-site Scripting vulnerability in Accellion File Transfer Appliance 80540 An issue was discovered on Accellion FTA devices before FTA_9_12_180. network accellion CWE-79	4.3
2017-05-05	CVE-2017-8794	Server-Side Request Forgery (SSRF) vulnerability in Accellion File Transfer Appliance 80540 An issue was discovered on Accellion FTA devices before FTA_9_12_180. network low complexity accellion CWE-918	6.4