CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4644

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile13.02th
PublishedFeb 19, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.

Affected Platforms (CPE)

πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_135
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_178
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_189
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_259
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_296

References & Advisories

πŸ”— http://www.portcullis-security.com/338.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56248
πŸ”— http://www.portcullis-security.com/338.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56248

Related Vulnerabilities

CVE-2009-46469.0

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote ...

CVE-2018-14538.8

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous type...

CVE-2009-46457.8

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows ...

CVE-2009-46487.2

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that...