Four Known Exploited Vulnerabilities

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

1. Accellion FTA OS Command Injection Vulnerability

- CVE-2021-27104 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.

The fixed version is FTA_9_12_380 and later.

2. Accellion FTA OS Command Injection Vulnerability

- CVE-2021-27102 Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.

The fixed version is FTA_9_12_416 and later.

3. Accellion FTA SQL Injection Vulnerability

- CVE-2021-27101 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html.

The fixed version is FTA_9_12_380 and later.

4. Accellion FTA SSRF Vulnerability

- CVE-2021-27103 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html.

The fixed version is FTA_9_12_416 and later.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

Four Known Exploited Vulnerabilities:

1. Accellion FTA SSRF Vulnerability

2. Accellion FTA OS Command Injection Vulnerability

3. Accellion FTA SQL Injection Vulnerability

4. Accellion FTA SSRF Vulnerability

Source: CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

Four Known Exploited Vulnerabilities

1. Accellion FTA OS Command Injection Vulnerability

2. Accellion FTA OS Command Injection Vulnerability

3. Accellion FTA SQL Injection Vulnerability

4. Accellion FTA SSRF Vulnerability

Reactor RabbitMQ in your Reactive Spring Boot Application — Part 1

ERROR [Failed to obtain JDBC Connection; nested exception is java.sql.SQLTransientConnectionException: DevDataSource- Connection is not available, request timed out after 30000ms.]

DEBUG org.springframework.jdbc.core.StatementCreatorUtils :: JDBC getParameterType call failed - using fallback method instead: org.postgresql.util.PSQLException: ERROR: type "gdtcr.enum_reqeust_for" does not exist

ERROR: current transaction is aborted, commands ignored until end of transaction block; nested exception is org.postgresql.util.PSQLException: ERROR: current transaction is aborted, commands ignored until end of transaction block

Four Known Exploited Vulnerabilities

1. Accellion FTA OS Command Injection Vulnerability

2. Accellion FTA OS Command Injection Vulnerability

3. Accellion FTA SQL Injection Vulnerability

4. Accellion FTA SSRF Vulnerability

You might like