NVD - CVE-2021-27104 (original) (raw)
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
NIST: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name | Date Added | Due Date | Required Action |
|---|---|---|---|
| Accellion FTA OS Command Injection Vulnerability | 11/03/2021 | 11/17/2021 | Apply updates per vendor instructions. |
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | NIST CISA-ADP |
Known Affected Software Configurations Switch to CPE 2.2
Change History
11 change records found show changes
CVE Modified by CISA-ADP 6/16/2026 11:44:18 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2025-05-27T17:56:24.718712Z","id":"CVE-2021-27104","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/16/2026 11:44:18 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
Modified Analysis by NIST 11/03/2025 10:08:31 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference Type | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2021-27104 Types: US Government Resource |
CVE Modified by CISA-ADP 10/21/2025 8:17:29 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2021-27104 |
CVE Modified by CISA-ADP 10/21/2025 4🔞26 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2021-27104 |
CVE Modified by CISA-ADP 10/21/2025 3🔞58 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field\_cve=CVE-2021-27104 |
Modified Analysis by NIST 3/14/2025 4:48:03 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Reference Type | CVE: https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt Types: Third Party Advisory | CVE: https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt Types: Broken Link, Third Party Advisory |
| Changed | Reference Type | MITRE: https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt Types: Third Party Advisory | MITRE: https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt Types: Broken Link, Third Party Advisory |
CVE Modified by CISA-ADP 2/03/2025 10:15:13 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Added | CWE | CWE-78 |
CVE Modified by CVE 11/21/2024 12:57:21 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt | |
| Added | Reference | https://www.accellion.com/products/fta/ |
CVE Modified by MITRE 5/14/2024 4:37:09 AM
| Action | Type | Old Value | New Value |
|---|
Initial Analysis by NIST 2/17/2021 1:52:07 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Added | CVSS V2 | NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |
| Added | CWE | NIST CWE-78 | |
| Added | CPE Configuration | OR *cpe:2.3:a:accellion:fta:*:*:*:*:*:*:*:* versions up to (including) 9_12_370 | |
| Changed | Reference Type | https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt No Types Assigned | https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt Third Party Advisory |
| Changed | Reference Type | https://www.accellion.com/products/fta/ No Types Assigned | https://www.accellion.com/products/fta/ Product, Vendor Advisory |