CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4648

HIGH
7.2
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile14.12th
PublishedFeb 19, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

Affected Platforms (CPE)

πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_135
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_178
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_189
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_259
πŸ”Œ
Accellion

Secure File Transfer Appliance

= 7_0_296

References & Advisories

πŸ”— http://www.portcullis-security.com/338.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56248
πŸ”— http://www.portcullis-security.com/338.php
πŸ”— http://www.securityfocus.com/bid/38176
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/56248

Related Vulnerabilities

CVE-2009-46469.0

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote ...

CVE-2009-46449.0

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell ...

CVE-2018-14538.8

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous type...

CVE-2009-46457.8

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows ...