Tune into our first episode of Tool Talk: a how-to series for hackers. REGISTER ›

Accellion Kiteworks Multiple Vulnerabilities

High-Risk Security Vulnerability found by Bishop Fox Research Team

Share

Release Date

Sept. 15, 2016

Patch Date

Aug. 26, 2016

Reported Date

May 21, 2016

Vendor

Accellion

Systems Affected

Versions of the appliance prior to version kw2016.03.0.

Summary

Three vulnerabilities were discovered in the Accellion Kiteworks appliance. The three vulnerabilities consisted of issues directly pertaining to incorrect default permissions, cross-site scripting, and path traversal.

Vendor Status

Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. The separate vulnerabilities were each given CVEs: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.

Researchers


Default fox headshot purple

About the author, Shubham Shah

Bishop Fox Alumnus

Shubham Shah is a security researcher. He was formerly a consultant at Bishop Fox.
More by Shubham

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.