NVD - CVE-2021-27102 (original) (raw)

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	NIST CISA-ADP

Known Affected Software Configurations Switch to CPE 2.2

Change History

11 change records found show changes

CVE Modified by CISA-ADP 6/16/2026 11:44:17 PM

CVE Modified by MITRE 6/16/2026 11:44:17 PM

Modified Analysis by NIST 11/03/2025 10:06:07 AM

CVE Modified by CISA-ADP 10/21/2025 8:17:29 PM

CVE Modified by CISA-ADP 10/21/2025 4🔞26 PM

CVE Modified by CISA-ADP 10/21/2025 3🔞58 PM

Modified Analysis by NIST 3/14/2025 1:07:54 PM

CVE Modified by CISA-ADP 2/03/2025 11:15:30 AM

CVE Modified by CVE 11/21/2024 12:57:21 AM

CVE Modified by MITRE 5/14/2024 4:37:09 AM

Initial Analysis by NIST 2/19/2021 4:26:47 PM