PT-2021-2473 · Accellion · Accellion Fta
Published: 2021-02-16 · Updated: 2026-03-08 · CVE-2021-27101
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Accellion FTA versions 9_12_370 and earlier
Description
The issue stems from a lack of protection against manipulation of SQL query structure (SQL injection). A remote attacker can exploit it to execute arbitrary SQL code and gain unauthorized access to protected information by sending a request with a specially crafted Host header. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.
Recommendations
For Accellion FTA versions 9_12_370 and earlier, update to version FTA_9_12_380 or later to resolve the issue. As a temporary workaround, consider restricting access to the document_root.html endpoint to minimize the risk of exploitation. Avoid using specially crafted Host headers in requests to this endpoint until the issue is resolved.
Exploit
Fix
SQL injection
Affected Products
Accellion Fta