Vulnerabilities (CVE)

Filtered by vendor Accellion
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31586 1 Accellion 1 Kiteworks 2021-06-25 6.5 MEDIUM 8.8 HIGH
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
CVE-2021-27102 1 Accellion 1 Fta 2021-02-19 7.2 HIGH 7.8 HIGH
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
CVE-2017-8793 1 Accellion 1 File Transfer Appliance 2019-10-03 6.8 MEDIUM 8.8 HIGH
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.
CVE-2015-2856 1 Accellion 1 File Transfer Appliance 2017-10-23 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
CVE-2016-5662 1 Accellion 1 Kiteworks Appliance 2016-11-28 7.2 HIGH 7.8 HIGH
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
CVE-2016-2353 1 Accellion 1 File Transfer Appliance 2016-05-10 7.2 HIGH 7.8 HIGH
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVE-2016-2352 1 Accellion 1 File Transfer Appliance 2016-05-09 6.5 MEDIUM 8.8 HIGH
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.