CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-4648

HIGH
7.2
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile14.12th
Published2010年2月19日
Last Modified2026年4月29日

Vulnerability Description

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

Affected Platforms (CPE)

🔌
Accellion

Secure File Transfer Appliance

= 7_0_135
🔌
Accellion

Secure File Transfer Appliance

= 7_0_178
🔌
Accellion

Secure File Transfer Appliance

= 7_0_189
🔌
Accellion

Secure File Transfer Appliance

= 7_0_259
🔌
Accellion

Secure File Transfer Appliance

= 7_0_296

References & Advisories

🔗 http://www.portcullis-security.com/338.php
🔗 http://www.securityfocus.com/bid/38176
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/56248
🔗 http://www.portcullis-security.com/338.php
🔗 http://www.securityfocus.com/bid/38176
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/56248

関連する脆弱性情報

CVE-2009-46469.0

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote ...

CVE-2009-46449.0

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell ...

CVE-2018-14538.8

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous type...

CVE-2009-46457.8

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows ...