Test ID:	1.3.6.1.4.1.25623.1.0.106074
Category:	Web application abuses
Title:	Accellion FTA Multiple Vulnerabilities
Summary:	Accellion FTA is prone to multiple vulnerabilities
Description:	Summary: Accellion FTA is prone to multiple vulnerabilities Vulnerability Insight: Multiple vulnerabilities were found in Accellion File Transfer Appliance: - Multiple cross-site scripting (XSS) vulnerabilities in getimageajax.php, move_partition_frame.html and wmInfo.html (CVE-2016-2350). - SQL injection vulnerability in home/seos/courier/security_key2.api via the client_id parameter (CVE-2016-2351). - Execution of arbitrary commands by leveraging the YUM_CLIENT restricted-user role (CVE-2016-2352). - Allowing local users to add an SSH key to an arbitrary group (CVE-2016-2353). Vulnerability Impact: Remote unauthenticated attackers may inject arbitrary web scripts or execute arbitrary SQL commands. Remote authenticated attackers may execute arbitrary commands and local users gain privileges. Affected Software/OS: Accellion FTA Version 9_11_210 and prior. Solution: Upgrade to version 9_12_40 or later CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2350 CERT/CC vulnerability note: VU#505560 http://www.kb.cert.org/vuls/id/505560 http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ Common Vulnerability Exposure (CVE) ID: CVE-2016-2351 Common Vulnerability Exposure (CVE) ID: CVE-2016-2352 Common Vulnerability Exposure (CVE) ID: CVE-2016-2353
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.