Accellion File Transfer Appliance Multiple Vulnerabilities

Release Date: 4 Mar 2021 4261 Views

RISK: Extremely High Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in Accellion File Transfer Appliance, a remote user could exploit some of these vulnerabilities to trigger remote code execution, cross-site scripting and security restriction bypass on the targeted system.

Note:

CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 are being exploited in the wild

Impact

Cross-Site Scripting
Remote Code Execution
Security Restriction Bypass

System / Technologies affected

FTA version prior to 9.12.444

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
https://www.accellion.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf

Vulnerability Identifier

Source

Accellion