CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-27103

CVSS 9.8v3.1pub. 2021-02-16upd. 2025-11-03

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Accellion Fta

    APP
    Accellion
    < 9_12_416

CISA KEV — detailsi

Vendori
Accellion
Producti
FTA
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2021-27101CRITICAL9.8⚠ KEVten sam produkt

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to docu...

CVE-2021-27104CRITICAL9.8⚠ KEVten sam produkt

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various a...

CVE-2021-27730CRITICAL9.8ten sam produkt

Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin en...

CVE-2021-27102HIGH7.8⚠ KEVten sam produkt

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed...

CVE-2021-27731MEDIUM6.1ten sam produkt

Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. Th...