Accellion

Products by Accellion Sorted by Most Security Vulnerabilities since 2018

Accellion Fta: 6 vulnerabilities

Accellion Kiteworks: 2 vulnerabilities

Known Exploited Accellion Vulnerabilities

The following Accellion vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| Accellion FTA OS Command Injection Vulnerability | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | CVE-2021-27104 | 6.4% | November 3, 2021 |
| Accellion FTA OS Command Injection Vulnerability | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | CVE-2021-27102 | 0.3% | November 3, 2021 |
| Accellion FTA SQL Injection Vulnerability | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. | CVE-2021-27101 | 0.9% | November 3, 2021 |
| Accellion FTA SSRF Vulnerability | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. | CVE-2021-27103 | 2.9% | November 3, 2021 |

By the Year

In 2026 there have been 0 vulnerabilities in Accellion. Accellion did not have any published security vulnerabilities last year.




| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 6.50 |
| 2021 | 8 | 8.58 |
| 2020 | 2 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 0.00 |

It may take a day or so for new Accellion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Accellion Security Vulnerabilities

| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2022-24110 | Feb 14, 2022 | Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. | Managed File Transfer |
| CVE-2021-31586 | Jun 23, 2021 | Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | Kiteworks |
| CVE-2021-31585 | Jun 23, 2021 | Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | Kiteworks |
| CVE-2021-27730 | Mar 02, 2021 | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | Fta |
| CVE-2021-27731 | Mar 02, 2021 | Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. | Fta |
| CVE-2021-27101 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. | Fta |
| CVE-2021-27102 | Feb 16, 2021 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | Fta |
| CVE-2021-27103 | Feb 16, 2021 | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | Fta |
| CVE-2021-27104 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | Fta |
| CVE-2019-5622 | Apr 29, 2020 | Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. | File Transfer Appliance |

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).