These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2021-27104 affects Accellion FTA and is identified by CISA as a known exploited vulnerability. Because it was added to the Known Exploited Vulnerabilities catalog and associated with ransomware campaign use, organizations running FTA should treat it as a high-priority remediation item.
CVE-2021-27103 is a server-side request forgery (SSRF) issue in Accellion FTA that CISA added to its Known Exploited Vulnerabilities catalog on 2021-11-03. The KEV entry marks it as known to be used in ransomware campaigns and directs affected organizations to apply vendor updates.
CVE-2021-27102 is an OS command injection vulnerability affecting Accellion FTA. CISA included it in the Known Exploited Vulnerabilities catalog on 2021-11-03 and marked it as having known ransomware campaign use, which makes this a high-priority issue for any organization still relying on the product.
CVE-2021-27101 is an Accellion FTA SQL injection vulnerability that CISA listed in its Known Exploited Vulnerabilities catalog. The KEV entry marks it as known to be used in ransomware campaigns, which makes it a high-priority remediation item for any organization still running Accellion FTA. CISA’s KEV guidance calls for applying updates per vendor instructions.