Detections
Analytics
CVE-2021-27101
critical
Description
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
From the Tenable Blog
Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)
Published: 2021-02-19
Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December. Update February 22, 2021: The scoring and details of CVE-2021-27102 were updated to reflect the addition of further details to its NVD entry.
References
https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
https://www.accellion.com/products/fta/
https://github.com/accellion/CVEs/blob/main/CVE-2021-27101.txt