NVD - CVE-2021-27101 (original) (raw)

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-Other	Other	NIST

Known Affected Software Configurations Switch to CPE 2.2

Change History

12 change records found show changes

CVE Modified by CISA-ADP 6/16/2026 11:44:17 PM

CVE Modified by MITRE 6/16/2026 11:44:17 PM

Modified Analysis by NIST 11/03/2025 10:06:03 AM

CVE Modified by CISA-ADP 10/21/2025 8:17:28 PM

CVE Modified by CISA-ADP 10/21/2025 4🔞25 PM

CVE Modified by CISA-ADP 10/21/2025 3🔞57 PM

Modified Analysis by NIST 4/03/2025 3:14:16 PM

CVE Modified by CISA-ADP 2/03/2025 12:15:11 PM

CVE Modified by CVE 11/21/2024 12:57:21 AM

CVE Modified by MITRE 5/14/2024 4:37:09 AM

CWE Remap by NIST 8/08/2023 10:21:49 AM

Initial Analysis by NIST 2/17/2021 2:04:26 PM