CVE-2021-27101: SQL injection via crafted Host header in Accellion FTA
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
AI Analysis
Technical Summary
CVE-2021-27101 is a critical SQL injection vulnerability in Accellion File Transfer Appliance (FTA) versions 9_12_370 and earlier. The flaw is that the HTTP Host header of a request to the document_root.html endpoint is used in a backend database query without being validated or bound as a parameter, so a request whose Host header carries SQL syntax changes the query the appliance executes. Because the Host header is attacker-controlled on every request and the endpoint is reachable before authentication, a remote, unauthenticated attacker can inject arbitrary SQL with no user interaction, which at minimum exposes the appliance's database and can be the first step toward full compromise of the appliance. The vulnerability has a CVSS v3.1 base score of 9.8 (critical), with high impact on confidentiality, integrity and availability: exploitation requires only network access (AV:N), no privileges (PR:N) and no user interaction (UI:N). The vendor fixed the issue in FTA_9_12_380 and later. This vulnerability was exploited in the wild as a zero-day in the attacks against Accellion FTA customers in late 2020 and early 2021, and it is listed in CISA's Known Exploited Vulnerabilities catalog, so any internet-facing appliance that ran an affected build should be treated as having been targeted rather than merely exposed.
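The mechanism described above, as an added illustration rather than Accellion's code: a generic per-host lookup that splices the Host header into SQL text, beside a hardened version that canonicalises the header, checks it against an allowlist of the names the appliance is actually served under, and binds the value as a query parameter. The table, hostnames and allowlist are assumed for the example; the pattern (validate, allow-list, parameterise) is the general fix for this bug class, not a reconstruction of the vendor's patch.

```python
import re
import sqlite3


# Constructed demo table standing in for any per-host configuration lookup;
# nothing here is Accellion's schema or code.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sites (hostname TEXT PRIMARY KEY, doc_root TEXT)")
    conn.executemany(
        "INSERT INTO sites VALUES (?, ?)",
        [("fta.example.com", "/var/www/fta"), ("internal.example.com", "/var/www/internal")],
    )
    return conn


def lookup_docroot_vulnerable(conn, host_header):
    """The bug class: the attacker-controlled Host header is spliced into the SQL text."""
    sql = "SELECT doc_root FROM sites WHERE hostname = '" + host_header + "'"
    return sorted(row[0] for row in conn.execute(sql))


# RFC 1123-style hostname labels, optionally followed by a port. Anything else
# (quotes, spaces, comment sequences) is rejected before it reaches the database.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*"
    r"(?::\d{1,5})?$"
)

# Deployment-specific allowlist: the names this appliance is served under (assumed values).
ALLOWED_HOSTS = {"fta.example.com"}


def normalize_host(host_header):
    """Return the canonical hostname, or None if the header is malformed or not allow-listed."""
    host = host_header.strip().lower()
    if not HOSTNAME_RE.match(host):
        return None
    host = host.split(":", 1)[0]  # drop the optional port
    return host if host in ALLOWED_HOSTS else None


def lookup_docroot_hardened(conn, host_header):
    """Allowlist first, then a parameterized query: the header can never alter the statement."""
    host = normalize_host(host_header)
    if host is None:
        return []
    rows = conn.execute("SELECT doc_root FROM sites WHERE hostname = ?", (host,))
    return sorted(row[0] for row in rows)
```

With a normal Host header both functions return the same row. With a textbook tautology payload the vulnerable lookup returns every row in the table because the quote closes the literal and the rest becomes part of the WHERE clause, while the hardened lookup rejects the header before any SQL runs. Note that the allowlist also refuses a syntactically valid but unexpected name such as internal.example.com, which is the behaviour a reverse proxy in front of the appliance should have as well.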
Potential Impact
For European organizations the impact is substantial because of the data Accellion FTA typically carries: it is deployed for large or sensitive file transfers in finance, healthcare, legal services and government. Exploitation can expose confidential files and the account and transfer records the appliance stores, producing a personal data breach that triggers GDPR notification duties and possible fines alongside reputational damage. The integrity of transferred files can be undermined, affecting business processes and trust, and availability suffers if an attacker modifies or deletes records the appliance depends on. Because the flaw needs neither authentication nor user interaction and the injection point is a header present on every request, an appliance exposed to the internet or to a less trusted network segment is at high risk, and the malicious requests look like ordinary traffic to a single page unless the Host header is logged and inspected.
Mitigation Recommendations
European organizations should first establish which FTA build each appliance runs: anything at 9_12_370 or earlier is affected and must be upgraded to FTA_9_12_380 or later. Because the vulnerability was exploited as a zero-day before the fix was available, upgrading alone is not enough; treat every appliance that was internet-facing on an affected build as potentially compromised and review its web and database logs, local accounts and file-system changes before trusting it again. Where patching cannot happen immediately, restrict who can reach the appliance (IP allowlisting, VPN-only access) and put a reverse proxy or WAF in front of it that rejects any request whose Host header does not exactly match the appliance's configured hostnames; this is a tighter and cheaper control than generic SQL injection signatures, since a legitimate Host header is only ever a hostname and an optional port. Make sure the Host header is actually recorded in access logs (common default log formats omit it) and alert on values containing quotes, spaces, comment sequences or SQL keywords, and on requests to document_root.html from unexpected sources. IDS/IPS signatures for SQL injection attempts against FTA add a further layer. Finally, Accellion has since declared FTA end of life, so organizations still depending on it should plan migration to a supported platform, and should review their incident response plans so that exploitation of this or similar appliance flaws is handled quickly.
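Two of the checks above in working form, added here and not part of the original advisory or of any vendor tooling: a version classifier that uses only the two build numbers the advisory names, and a log scanner that flags requests whose Host header is not a well-formed, allow-listed hostname, labelling each finding with why it was flagged. The log format, hostnames and IP addresses are constructed for the example; real proxy or appliance logs will need their own LOG_RE.

```python
import re

# Boundaries taken from the advisory text: last affected and first fixed build.
LAST_AFFECTED = (9, 12, 370)
FIRST_FIXED = (9, 12, 380)
VERSION_RE = re.compile(r"(\d+)_(\d+)_(\d+)")


def parse_fta_version(text):
    """Extract the numeric triple from strings such as 'FTA_9_12_370' or '9_12_370'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no FTA-style version found in %r" % text)
    return tuple(int(part) for part in m.groups())


def patch_status(text):
    """'vulnerable' up to 9_12_370, 'fixed' from 9_12_380, 'unknown' for builds the advisory does not name."""
    version = parse_fta_version(text)
    if version <= LAST_AFFECTED:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unknown"


# Constructed log format for this example: timestamp, client, method, path, quoted Host header.
# Real logs differ; adapt LOG_RE, and make sure the Host header is logged at all, because
# common default access-log formats omit it.
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) host="([^"]*)"$')

# A legitimate Host header is hostname[:port] and nothing else.
HOST_SHAPE = re.compile(r"^[A-Za-z0-9.\-]+(?::\d{1,5})?$")

# Textbook SQL injection tokens, used only to label why a header was flagged
# (a false positive in the label is harmless: the allowlist decision comes first).
SQLI_HINT = re.compile(r"""['"`;]|--|/\*|\b(?:or|and|union|select|sleep|benchmark)\b""", re.I)

# Constructed sample lines, not real traffic; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021-01-05T10:00:00Z 203.0.113.5 GET /document_root.html host="fta.example.com"
2021-01-05T10:00:01Z 203.0.113.5 GET /document_root.html host="fta.example.com:443"
2021-01-05T10:00:02Z 198.51.100.7 GET /document_root.html host="fta.example.com' OR '1'='1"
2021-01-05T10:00:03Z 198.51.100.7 GET /document_root.html host="x';SELECT 1--"
2021-01-05T10:00:04Z 192.0.2.9 GET /document_root.html host="203.0.113.5"
2021-01-05T10:00:05Z 192.0.2.9 GET /courier/index.html host="fta.example.com' OR '1'='1"
"""


def scan_log(text, allowed_hosts, target_path=None):
    """Return one finding per request whose Host header is not a well-formed, allow-listed name.

    target_path restricts the scan to one endpoint (the advisory names document_root.html);
    None checks every request, the better default since the header is attacker-controlled everywhere.
    """
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # in production, count unparsed lines instead of dropping them silently
        ts, src, method, path, host = m.groups()
        if target_path is not None and path != target_path:
            continue
        bare_host = host.split(":", 1)[0].lower()
        if HOST_SHAPE.match(host) and bare_host in allowed:
            continue
        reason = "sqli-pattern" if SQLI_HINT.search(host) else "unexpected-host"
        findings.append({"ts": ts, "src": src, "path": path, "host": host, "reason": reason})
    return findings
```

Run against the constructed sample, the scanner produces four findings: the two quote-bearing headers and the one on a different path are labelled sqli-pattern, and the bare IP literal is labelled unexpected-host even though it contains no SQL syntax, which is the point of deciding on the allowlist rather than on signatures. The version classifier deliberately returns "unknown" for builds between 9_12_370 and 9_12_380, because the advisory says nothing about them; check those against the vendor rather than assuming either way.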
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2021-02-10T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee3a3
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 7/8/2025, 3:55:47 AM
Last updated: 8/15/2025, 9:33:23 PM
Views: 11