CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4645

HIGH
7.8
CVSS Severity Score
EPSS Score0.1870%
EPSS Percentile11.71th
PublishedFeb 19, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

Affected Platforms (CPE)

πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_135
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_178
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_189
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_259
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_296

References & Advisories

πŸ”— http://secunia.com/advisories/38538
πŸ”— http://www.portcullis-security.com/340.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56246
πŸ”— http://secunia.com/advisories/38538
πŸ”— http://www.portcullis-security.com/340.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56246

Related Vulnerabilities

CVE-2009-46449.0

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell ...

CVE-2009-46469.0

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote ...

CVE-2018-14538.8

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous type...

CVE-2009-46487.2

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that...