
CVE-2021-27101: n/a in n/a

Severity: Critical
Type: Vulnerability
Tags: cve, cve-2021-27101
Published: Tue Feb 16 2021 (02/16/2021, 20:02:39 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

AI-Powered Analysis

Last updated: 07/08/2025, 03:55:47 UTC

Technical Analysis

CVE-2021-27101 is a critical SQL injection vulnerability affecting Accellion File Transfer Appliance (FTA) versions 9_12_370 and earlier. The vulnerability arises from improper sanitization of the Host header in HTTP requests directed at the document_root.html endpoint. An attacker can craft a malicious Host header that injects SQL commands into the backend database query executed by the application. This flaw allows remote, unauthenticated attackers to execute arbitrary SQL commands without any user interaction, potentially leading to full compromise of the underlying database. The vulnerability has a CVSS v3.1 base score of 9.8, indicating critical severity with high impact on confidentiality, integrity, and availability. Exploitation requires only network access (AV:N), no privileges (PR:N), and no user interaction (UI:N). Successful exploitation could result in data leakage, data manipulation, or complete system compromise. The vendor fixed this issue in version FTA_9_12_380 and later. There are no known exploits in the wild as of the published date, but the critical nature and ease of exploitation make it a significant threat to organizations using vulnerable versions of Accellion FTA.

Potential Impact

For European organizations, the impact of CVE-2021-27101 is substantial due to the sensitive nature of data typically handled by Accellion FTA, which is often used for secure file transfers in sectors like finance, healthcare, legal, and government. Exploitation could lead to unauthorized access to confidential files, resulting in data breaches that violate GDPR regulations, potentially incurring heavy fines and reputational damage. The integrity of transferred files could be compromised, affecting business operations and trust. Availability could also be impacted if attackers manipulate or delete critical data. Given the critical CVSS score and the fact that exploitation requires no authentication or user interaction, European entities using vulnerable versions are at high risk of compromise, especially if their Accellion appliances are internet-facing or accessible from less secure networks.

Mitigation Recommendations

European organizations should immediately verify if they are running Accellion FTA versions 9_12_370 or earlier and upgrade to version FTA_9_12_380 or later. If immediate patching is not feasible, organizations should implement strict network controls to limit access to the Accellion appliance, such as IP whitelisting, VPN-only access, and web application firewalls (WAF) configured to detect and block suspicious Host header manipulations. Monitoring and logging HTTP headers for anomalies can help detect attempted exploitation. Additionally, organizations should conduct thorough audits of their Accellion appliance logs and databases for signs of compromise. Implementing intrusion detection systems (IDS) with signatures for SQL injection attempts targeting Accellion FTA can provide early warnings. Finally, organizations should review and enhance their incident response plans to quickly address any potential exploitation.
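Two of the recommendations above (confirm the appliance version against the fixed release, and monitor Host headers for anomalies on requests to document_root.html) can be turned into a small defensive check. The following is an added example, not code from the advisory, from Accellion, or from the site: the log layout and the sample lines are constructed for illustration (they are an assumption, not FTA's actual log format), and the Host check is a strict allow-list (a syntactically valid hostname or IPv4 literal, optional port) rather than a signature match, so any value carrying quotes, spaces or other non-host characters is flagged regardless of what the attacker was trying.

```python
"""Defensive checks drawn from the advisory: is an FTA version string below the
fixed release, and does a request carry a Host header that is not a valid host?
Log layout and sample entries are constructed for this example (assumption)."""
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION: Tuple[int, int, int] = (9, 12, 380)   # FTA_9_12_380, per the advisory
TARGET_PATH = "/document_root.html"                  # endpoint named in the advisory

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, <= 63 chars.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?(?::\d{{1,5}})?$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?$")

# Constructed log layout (assumption):
#   <ts> <src-ip> "<method> <path> <proto>" <status> host="<Host header value>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) host="(?P<host>[^"]*)"$'
)


def parse_fta_version(version: str) -> Optional[Tuple[int, ...]]:
    """Extract (major, minor, build) from strings such as 'FTA_9_12_370' or '9_12_370'."""
    m = re.search(r"(\d+)_(\d+)_(\d+)", version)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True when the parsed version is below the fixed release (9_12_380)."""
    parsed = parse_fta_version(version)
    return parsed is not None and parsed < FIXED_VERSION


def host_header_is_wellformed(host: str) -> bool:
    """Allow-list check: Host must be a hostname or IPv4 literal, optionally with a port.
    Quotes, spaces, comment sequences or over-long values all fail, which is the
    anomaly the advisory's WAF/monitoring advice is looking for."""
    value = host.strip()
    if not value or len(value) > 255:
        return False
    return bool(HOSTNAME_RE.match(value) or IPV4_RE.match(value))


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed-format log line; None if it does not fit the layout."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """One finding per line whose Host header is malformed, or that cannot be parsed
    at all (a value with embedded quotes breaks the layout, so unparseable is itself
    a signal). Hits on the advisory's endpoint are marked target_path=True."""
    findings: List[Dict[str, object]] = []
    for n, line in enumerate(lines, start=1):
        rec = parse_log_line(line)
        if rec is None:
            findings.append({"line": n, "reason": "unparseable log entry", "target_path": False})
            continue
        if not host_header_is_wellformed(rec["host"]):
            findings.append({
                "line": n, "src": rec["src"], "path": rec["path"], "host": rec["host"],
                "reason": "malformed Host header", "target_path": rec["path"] == TARGET_PATH,
            })
    return findings


# Constructed sample log (not real FTA data); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '2021-02-16T20:02:39Z 203.0.113.10 "GET /document_root.html HTTP/1.1" 200 host="fta.example.com"',
    '2021-02-16T20:02:41Z 203.0.113.10 "GET /document_root.html HTTP/1.1" 200 host="fta.example.com:443"',
    '2021-02-16T20:02:45Z 198.51.100.7 "GET /document_root.html HTTP/1.1" 500 host="fta.example.com\';"',
    '2021-02-16T20:03:01Z 198.51.100.7 "GET /index.html HTTP/1.1" 200 host="192.0.2.5"',
    '2021-02-16T20:03:10Z 198.51.100.7 corrupted entry',
]

if __name__ == "__main__":
    print("FTA_9_12_370 vulnerable:", is_vulnerable_version("FTA_9_12_370"))
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, the two legitimate requests to document_root.html pass, the request whose Host value contains a quote is reported with target_path set, and the corrupted entry is reported as unparseable. In production the same allow-list belongs in front of the appliance (WAF or reverse proxy rule on the Host header) as well as in log review, since a 500 response on the target path paired with a malformed Host is exactly the pattern worth alerting on.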


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2021-02-10T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbee3a3

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 7/8/2025, 3:55:47 AM

Last updated: 8/15/2025, 9:33:23 PM

Views: 11
