Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Accellion FTA SQL Injection Vulnerability

Known Exploited Vulnerabilities CVE-2021-27101 Mappings

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2021-27101	Accellion FTA SQL Injection Vulnerability	secondary_impact	T1005	Data from Local System	Comments CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-27101	Accellion FTA SQL Injection Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a