Published threat advisories for February 16, 2021

Affected Accellion FTA systems are vulnerable to OS command execution via crafted requests, posing a business risk of unauthorized system control and data compromise.

NVD published: February 16, 2021 • CISA KEV

Accellion FTA software versions prior to 9.12.416 are affected by a Server-Side Request Forgery vulnerability. This can allow an attacker to trick the system into making unintended requests, potentially exposing sensitive data or granting unauthorized system access. The realistic business risk includes data compromise,

NVD published: February 16, 2021 • CISA KEV

Accellion FTA versions prior to 9.12.416 allow OS command execution through a local web service call. This vulnerability matters because unauthorized commands can be run on affected systems, posing a business risk of system compromise and potential data exfiltration.

NVD published: February 16, 2021 • CISA KEV

Accellion FTA is affected by a SQL injection vulnerability. Attackers can exploit this flaw by sending a crafted Host header, potentially leading to unauthorized access and modification of data. This presents a significant business risk to organizations using the affected software versions.

NVD published: February 16, 2021 • CISA KEV

A command injection vulnerability exists in the System Information Library for Node.js. This could allow an attacker with local access to execute unauthorized commands, impacting system integrity and data confidentiality. Organizations should identify and secure systems using this library.

NVD published: February 16, 2021 • CISA KEV