PT-2018-5089 · Accellion · Accellion Ftp Server

Ashish Kamble

Published

2018-07-13

Updated

2019-10-09

CVE-2016-9499

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Accellion FTP server versions prior to FTA 9 12 220

Description The issue allows an attacker to determine valid user accounts by enumerating them, as the server only returns the username in the response if the username is invalid.

Recommendations For versions prior to FTA 9 12 220, update to version FTA 9 12 220 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-204

Related Identifiers

CVE-2016-9499

Affected Products

Accellion Ftp Server

PT-2018-5089 · Accellion · Accellion Ftp Server

CVE-2016-9499

Weakness Enumeration

Related Identifiers

Affected Products

References · 5