CVE-2017-8788

Name of the Vulnerable Software and Affected Versions Accellion FTA versions prior to FTA 9 12 180

Description An issue was discovered in Accellion FTA devices, where a CRLF vulnerability exists in the settings global text edit.php file. This vulnerability allows for attacks using the ?display=x%0Dnewline parameter.

Recommendations For versions prior to FTA 9 12 180, update to FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings global text edit.php file until a patch is available. Avoid using the display parameter in the affected API endpoint until the issue is resolved.