Exposures › CVE-2021-27103

CVE-2021-27103

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wild

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Players implicated

Description

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Sentiment · trusted sources

  • synthesis severe-fallout -0.60
    Vulnerability disclosed with minimal context, no praise for handling.
  • cooey ↗ severe-fallout -0.60
    Neutral disclosure, no commendation.
    “Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.”

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Kiteworks Federal Cloud Accellion USA, LLC. Authorized vendor-exact · 0.90