Get CVE details and format as markdown

source link: https://gist.github.com/andytinkham/7a98cdca9e34beab75b8d4cb7ea459c6
tags: _language, _package, _severity
aliases:
date created: Saturday, February 11th 2023, 4:44:03 pm
date modified: Wednesday, February 15th 2023, 6:53:55 pm

CVE-2021-27101

CVE Details

ID: CVE-2021-27101
KNOWN EXPLOITED VULNERABILITY
CISA Details: Accellion FTA SQL Injection Vulnerability, Added: [[2021-11-03]], Action: Apply updates per vendor instructions., Due: [[2021-11-17]]
Source Identifier: [email protected]
Published: 2021-02-16T21:15:13.077
Last Modified: 2021-02-17T19:04:26.867
Status: Analyzed

Scores

CVSS 3.1 Score - Primary - [email protected]

Base Severity: CRITICAL - 9.8 (Exploitability: 3.9, Impact: 5.9)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Score - Primary - [email protected]

Base Severity: HIGH - 7.5 (Exploitability: 10, Impact: 6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Insufficient info: false
Obtain all privilege: false
Obtain user privilege: false
Obtain other privilege: false
User interaction required: false

Description

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

Evaluator Notes

None provided

Weaknesses

| Weakness | Type | Source |
| --- | --- | --- |
| [[CWE-89]] | Primary | [email protected] |

Vendor Comments

No vendor comments

References

Configurations

Configuration 1 (Operator: OR, Negate: false)

Node 1
  • cpe:2.3:a:accellion:fta:*:*:*:*:*:*:*:*
    • End Version: 9_12_370 (Including)

Affects

Useful Links

Official Response

Investigations

Affected Projects

| Repo | Detected On | Notes |
| --- | --- | --- |

Affected Containers

| Container | Min Version | Max Version | Notes |
| --- | --- | --- | --- |
