Browse all 4 CVE security advisories affecting Accellion. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Accellion provides secure file transfer and content collaboration solutions, primarily serving enterprises for large data exchange. Historically, their products have faced multiple critical vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. The company gained notoriety following the January 2021 zero-day exploit (CVE-2021-27403) that compromised numerous high-profile organizations, leading to data breaches. Despite patches, additional vulnerabilities have emerged, with four CVEs currently recorded. Accellion's security posture has been questioned due to these recurring issues, particularly in legacy systems, highlighting challenges in maintaining secure file transfer infrastructure against evolving threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-5622 | Accellion File Transfer Appliance Use of Hard-coded Credentials — File Transfer Appliance (CWE-798) | 9.8 | - | 2020-04-29 |
| CVE-2019-5623 | Accellion File Transfer Appliance Improper Neutralization of Special Elements used in a Command ('Command Injection') — File Transfer Appliance (CWE-77) | 9.8 | - | 2020-04-29 |
| CVE-2016-9499 | The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting. — FTP Server (CWE-204) | 5.3 | - | 2018-07-13 |
| CVE-2016-9500 | The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to information exposure. — FTP Server (CWE-80) | 6.1 | - | 2018-07-13 |
This page lists every published CVE security advisory associated with Accellion. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.