PT-2017-18533 · Accellion · Accellion Fta

Paulos Yibelo · Published 2017-05-05 · Updated 2019-10-03 · CVE-2017-8793

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Accellion FTA versions prior to FTA_9_12_180

Description: An attacker can bypass the Same Origin Policy by sending a POST request to the "home/seos/courier/web/wmProgressstat.html.php" endpoint with an attacker-controlled domain in the acallow parameter. The device reflects that value in the Access-Control-Allow-Origin response header, so the attacker's origin is granted cross-site access to the application.

Recommendations: For Accellion FTA versions prior to FTA_9_12_180, update to version FTA_9_12_180 or later to resolve the issue. As a temporary workaround, restrict access to the "home/seos/courier/web/wmProgressstat.html.php" endpoint to reduce the risk of exploitation, and avoid relying on the acallow parameter at this endpoint until the update is applied.
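The flaw the description names is a CORS origin check driven by a request parameter instead of a server-side allowlist. The following is an added illustration, not Accellion's code or anything from this advisory: a hypothetical handler that reflects the acallow value the way the description says the device does, next to a hardened form that only honours exact-match origins from an allowlist, plus a small check for the symptom (an Access-Control-Allow-Origin value that merely echoes a request parameter) when reviewing captured traffic. The allowlist, origins and request shapes are constructed for the example.

```python
# Added illustration (not Accellion's code): the origin-reflection pattern the
# advisory describes, beside the allowlisted form a fix would use. Only the
# parameter name 'acallow' comes from the advisory; everything else is a
# constructed assumption for this example.

ALLOWED_ORIGINS = {"https://fta.example.internal"}  # constructed allowlist


def vulnerable_cors_headers(params):
    """Reflects the client-controllable 'acallow' value into ACAO.

    This is the behaviour the advisory describes: whatever origin the request
    names is granted cross-origin read access, which defeats the Same Origin
    Policy for any site that can make the browser send the request.
    """
    origin = params.get("acallow")
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def hardened_cors_headers(origin_header, allowlist=ALLOWED_ORIGINS):
    """Grants CORS only to an exact-match origin from a server-side allowlist.

    The browser-supplied Origin header is compared as a whole string, so a
    lookalike origin that merely contains the trusted host name does not
    match. Unknown origins get no ACAO header at all, and 'Vary: Origin' keeps
    caches from serving one origin's response to another.
    """
    if origin_header in allowlist:
        return {
            "Access-Control-Allow-Origin": origin_header,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def acao_reflects_request(params, response_headers, allowlist=ALLOWED_ORIGINS):
    """Detection check for the advisory's symptom in captured traffic.

    Returns True when the response's ACAO header equals some request
    parameter value and that value is not an approved origin, i.e. the server
    is echoing client input rather than consulting its own policy.
    """
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None or acao in allowlist:
        return False
    return acao in params.values()


if __name__ == "__main__":
    request = {"acallow": "https://attacker.test"}  # constructed sample request
    print("vulnerable:", vulnerable_cors_headers(request))
    print("hardened:  ", hardened_cors_headers("https://attacker.test"))
    print("reflected? ", acao_reflects_request(request, vulnerable_cors_headers(request)))
```

The detection helper is the part a defender can reuse: run it over request/response pairs from a proxy log or a web application firewall capture and any True result is an endpoint that trusts the client to name its own allowed origin.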

Weakness Enumeration

Origin Validation Error

Related Identifiers

CVE-2017-8793

Affected Products

Accellion Fta