
accellion/CVEs
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 6.5 MEDIUM | 4 MEDIUM | Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. |
| | | 6.7 MEDIUM | 4.6 MEDIUM | Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. |
| | | 8.8 HIGH | 6.5 MEDIUM | Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. |
| | | 9.8 CRITICAL | 7.5 HIGH | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. |
| | | 9.8 CRITICAL | 7.5 HIGH | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. |
| | | 7.8 HIGH | 7.2 HIGH | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. |
| | | 9.8 CRITICAL | 7.5 HIGH | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. |
| | | 9.8 CRITICAL | 10 HIGH | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. |