Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability

Known Exploited Vulnerabilities CVE-2021-27103

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2021-27103	Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability	secondary_impact	T1005	Data from Local System	Comments CVE-2021-27103 is a server-side request forgery vulnerability in Accellion File Transfer Appliance in Accellion that allows an adversary to manipulate server requests via a crafted POST request. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a
CVE-2021-27103	Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments CVE-2021-27103 is a server-side request forgery vulnerability in Accellion File Transfer Appliance in Accellion that allows an adversary to manipulate server requests via a crafted POST request. References https://cloud.google.com/blog/topics/threat-intelligence/accellion-fta-exploited-for-data-theft-and-extortion/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a