ID de Prueba:	1.3.6.1.4.1.25623.1.0.106074
Categoría:	Web application abuses
Título:	Accellion FTA Multiple Vulnerabilities
Resumen:	Accellion FTA is prone to multiple vulnerabilities
Descripción:	Summary: Accellion FTA is prone to multiple vulnerabilities Vulnerability Insight: Multiple vulnerabilities were found in Accellion File Transfer Appliance: - Multiple cross-site scripting (XSS) vulnerabilities in getimageajax.php, move_partition_frame.html and wmInfo.html (CVE-2016-2350). - SQL injection vulnerability in home/seos/courier/security_key2.api via the client_id parameter (CVE-2016-2351). - Execution of arbitrary commands by leveraging the YUM_CLIENT restricted-user role (CVE-2016-2352). - Allowing local users to add an SSH key to an arbitrary group (CVE-2016-2353). Vulnerability Impact: Remote unauthenticated attackers may inject arbitrary web scripts or execute arbitrary SQL commands. Remote authenticated attackers may execute arbitrary commands and local users gain privileges. Affected Software/OS: Accellion FTA Version 9_11_210 and prior. Solution: Upgrade to version 9_12_40 or later CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2350 CERT/CC vulnerability note: VU#505560 http://www.kb.cert.org/vuls/id/505560 http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/ Common Vulnerability Exposure (CVE) ID: CVE-2016-2351 Common Vulnerability Exposure (CVE) ID: CVE-2016-2352 Common Vulnerability Exposure (CVE) ID: CVE-2016-2353
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.