
CVE-2022-24110
https://notcve.org/view.php?id=CVE-2022-24110
14 Feb 2022 — Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. • https://github.com/accellion/CVEs/blob/main/CVE-2022-24110.txt

CVE-2021-31586
https://notcve.org/view.php?id=CVE-2021-31586
23 Jun 2021 — Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. • https://github.com/accellion/CVEs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-31585
https://notcve.org/view.php?id=CVE-2021-31585
23 Jun 2021 — Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. • https://github.com/accellion/CVEs

CVE-2021-27730
https://notcve.org/view.php?id=CVE-2021-27730
02 Mar 2021 — Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. • https://github.com/accellion/CVEs/blob/main/CVE-2021-27730.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2021-27731
https://notcve.org/view.php?id=CVE-2021-27731
02 Mar 2021 — Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. • https://github.com/accellion/CVEs/blob/main/CVE-2021-27731.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-27104 – Accellion FTA OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-27104
16 Feb 2021 — Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST r... • https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-27103 – Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-27103
16 Feb 2021 — Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.... • https://github.com/accellion/CVEs/blob/main/CVE-2021-27103.txt • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2021-27102 – Accellion FTA OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-27102
16 Feb 2021 — Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. • https://github.com/accellion/CVEs/blob/main/CVE-2021-27102.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-27101 – Accellion FTA SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-27101
16 Feb 2021 — Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to docu... • https://github.com/accellion/CVEs/blob/main/CVE-2021-27101.txt

CVE-2019-5623 – Accellion File Transfer Appliance Improper Neutralization of Special Elements used in a Command ('Command Injection')
https://notcve.org/view.php?id=CVE-2019-5623
29 Apr 2020 — Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')