Skip to main content

Fta

6 CVEs product

Monthly

CVE-2021-27730 CRITICAL Act Now

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-27731 MEDIUM This Month

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fta
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27104 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
56.4%
CVE-2021-27103 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
11.3%
CVE-2021-27102 HIGH KEV THREAT This Week

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-27101 CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Fta
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Fta
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fta
NVD GitHub
EPSS 56% CVSS 9.8
CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fta
NVD GitHub
EPSS 4% CVSS 7.8
HIGH KEV THREAT This Week

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fta
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL KEV THREAT Act Now

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Fta
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy