CVE-2016-2351

Name of the Vulnerable Software and Affected Versions Accellion File Transfer Appliance (FTA) versions prior to FTA 9 12 40

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the client id parameter in the "home/seos/courier/security key2.api" endpoint.

Recommendations For versions prior to FTA 9 12 40, update to FTA 9 12 40 or later to resolve the issue. As a temporary workaround, consider restricting access to the "home/seos/courier/security key2.api" endpoint to minimize the risk of exploitation. Avoid using the client id parameter in the affected API endpoint until the issue is resolved.