1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability

Known Exploited Vulnerabilities CVE-2021-27103 Mappings

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-27103 Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2021-27103 is a server-side request forgery vulnerability in Accellion File Transfer Appliance in Accellion that allows an adversary to manipulate server requests via a crafted POST request.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-27103 Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2021-27103 is a server-side request forgery vulnerability in Accellion File Transfer Appliance in Accellion that allows an adversary to manipulate server requests via a crafted POST request.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a