CVE-2021-27101

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 10, 2021
Published Date: February 16, 2021
Last Updated: October 21, 2025
Vendor: Accellion
Product: FTA
Description: Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.accellion.com/products/fta/ https://github.com/accellion/CVEs/blob/main/CVE-2021-27101.txt

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

February 10, 2021
CVE Published to Public

February 16, 2021
Exploit Used in Malware

November 03, 2021
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021