PT-2020-11149 · Accellion · Accellion File Transfer Appliance

Published

2020-04-29

Updated

2020-05-07

CVE-2019-5622

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Accellion File Transfer Appliance version FTA 8 0 540

Description The issue is related to the use of hard-coded credentials, which is an instance of CWE-798. This means that the credentials are embedded directly in the software, potentially allowing unauthorized access.

Recommendations For Accellion File Transfer Appliance version FTA 8 0 540, consider changing the hard-coded credentials to unique, secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the appliance until a patch or secure configuration can be applied.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2019-5622

Affected Products

Accellion File Transfer Appliance

PT-2020-11149 · Accellion · Accellion File Transfer Appliance

CVE-2019-5622

Weakness Enumeration

Related Identifiers

Affected Products

References · 4