CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-27104

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score88.5270%
EPSS Percentile96.96th
Published2021年2月16日
Last Modified2025年11月3日

Vulnerability Description

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

Affected Platforms (CPE)

📦
Accellion

Fta

<= 9_12_370

References & Advisories

🔗 https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt
🔗 https://www.accellion.com/products/fta/
🔗 https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt
🔗 https://www.accellion.com/products/fta/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27104

関連する脆弱性情報

CVE-2017-879410.0

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https ...

CVE-2019-56229.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

CVE-2021-271019.8

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The ...

CVE-2019-56239.8

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Eleme...