CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27104

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score88.5270%
EPSS Percentile96.96th
PublishedFeb 16, 2021
Last ModifiedNov 3, 2025

Vulnerability Description

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

Affected Platforms (CPE)

πŸ“¦
Accellion

Fta

<= 9_12_370

References & Advisories

πŸ”— https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt
πŸ”— https://www.accellion.com/products/fta/
πŸ”— https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt
πŸ”— https://www.accellion.com/products/fta/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27104

Related Vulnerabilities

CVE-2017-879410.0

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https ...

CVE-2019-56229.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

CVE-2021-271019.8

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The ...

CVE-2019-56239.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Eleme...