CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5622 – Accellion File Transfer Appliance Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2019-5622
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. Accellion File Transfer Appliance versión FTA_8_0_540, sufre de una instancia CWE-798: Uso de Credenciales Embebidas. • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9499 – The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting.
https://notcve.org/view.php?id=CVE-2016-9499
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 solo devuelve el nombre de usuario en la respuesta del servidor si el nombre de usuario no es válido. Un atacante podría usar esta información para determinar cuentas de usuario válidas y enumerarlas. • https://www.kb.cert.org/vuls/id/745607 https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf https://www.securityfocus.com/bid/96154 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-204: Observable Response Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9500 – The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure
https://notcve.org/view.php?id=CVE-2016-9500
Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 emplea el componente de flash Accusoft Prizm Content, que contiene múltiples parámetros (customTabCategoryName, customButton1Image) que son vulnerables a Cross-Site Scripting (XSS). • https://www.kb.cert.org/vuls/id/745607 https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf https://www.securityfocus.com/bid/96154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9421
https://notcve.org/view.php?id=CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. Vulnerabilidad de omisión de autenticación en Accellion kiteworks en versiones anteriores a la 2017.01.00 permite que atacantes remotos ejecuten ciertas llamadas API en nombre de un usuario web que emplea un token recopilado mediante una petición POST en oauth/token. • https://github.com/jer1nj0y/Vulns/blob/master/Kiteworks%20Vulnerability • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 1CVE-2015-2856 – Accellion FTA Statecode Cookie Arbitrary File Read
https://notcve.org/view.php?id=CVE-2015-2856
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. Vulnerabilidad de salto de directorio en la función template en function.inc en dispositivos Accellion File Transfer Appliance anteriores a FTA_9_11_210 permite que atacantes remotos lean archivos arbitrarios mediante un .. (punto punto) en la cookie statecode. • https://www.rapid7.com/db/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read https://www.rapid7.com/blog/post/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •