CVE-2021-27103

Warning

EPSS 5.46%
Published 16.02.2021 21:15:13
Last modified 04.02.2025 14:43:15
Source cve@mitre.org
Teams watchlist Login
Open Login

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Accellion ≫ Fta Version < 9_12_416

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability

Vulnerability

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.46%	0.898

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.accellion.com/products/fta/

Product

https://github.com/accellion/CVEs/blob/main/CVE-2021-27103.txt

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-27103

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27103

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27103

EUVD