Fta
CVE-2021-27730
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
AnalysisAI
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. Affected products include: Accellion Fta.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpo
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Rated high severity
Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. Rated medium
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today