Accellion File Transfer Appliance (FTA) 9_12_220

CPE Details

Accellion File Transfer Appliance (FTA) 9_12_220
accellion
fta
9_12_220
2018-09-06
17h29 +00:00
2021-04-02
13h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:accellion:fta:9_12_220:*:*:*:*:*:*:*

Informations

Vendor

accellion

Product

fta

Version

9_12_220

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-27730 2021-03-02 00h03 +00:00 Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
9.8
Critical
CVE-2021-27731 2021-03-02 00h00 +00:00 Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
6.1
Medium
CVE-2021-27104 2021-02-16 20h16 +00:00 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
9.8
Critical
CVE-2021-27103 2021-02-16 20h12 +00:00 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
9.8
Critical
CVE-2021-27102 2021-02-16 20h07 +00:00 Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
7.8
High
CVE-2021-27101 2021-02-16 20h02 +00:00 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.