CVE-2021-27103

Warnung

EPSS 5.46%
Veröffentlicht 16.02.2021 21:15:13
Zuletzt bearbeitet 04.02.2025 14:43:15
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Accellion ≫ Fta Version < 9_12_416

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability

Schwachstelle

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.46%	0.898

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.accellion.com/products/fta/

Product

https://github.com/accellion/CVEs/blob/main/CVE-2021-27103.txt

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-27103

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27103

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27103

EUVD