Back to CVE Browser

CVE-2015-2857

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0350%

EPSS Percentile27.34th

PublishedAug 22, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

Affected Platforms (CPE)

📦

Accellion

File Transfer Appliance

<= 9_11_200

References & Advisories

🔗 http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html

🔗 http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth

🔗 https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857

🔗 https://www.exploit-db.com/exploits/37597/

🔗 http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html

🔗 http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth

🔗 https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857

🔗 https://www.exploit-db.com/exploits/37597/

Related Vulnerabilities

CVE-2016-23519.8

SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_...

CVE-2019-56239.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Eleme...

CVE-2019-56229.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

CVE-2009-46449.0

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell ...