Accellion · Kiteworks · CVE-2017-9421
**Name of the Vulnerable Software and Affected Versions**
Accellion kiteworks versions prior to 2017.01.00
**Description**
The issue allows remote attackers to bypass authentication and execute certain API calls on behalf of a web user. This is achieved by using a gathered token via a POST request to "/oauth/token".
**Recommendations**
For versions prior to 2017.01.00, update to version 2017.01.00 or later to resolve the issue.