CVE-2009-4644

Accellion Secure File Transfer Appliance <8.0.105 - Command Injection

Title source: llm
STIX 2.1

Description

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38176
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56248

Scores

EPSS 0.0241
EPSS Percentile 82.1%

Details

CWE
CWE-78
Status published
Products (5)
accellion/secure_file_transfer_appliance 7_0_135
accellion/secure_file_transfer_appliance 7_0_178
accellion/secure_file_transfer_appliance 7_0_189
accellion/secure_file_transfer_appliance 7_0_259
accellion/secure_file_transfer_appliance 7_0_296
Published Feb 19, 2010
Tracked Since Feb 18, 2026