Hacker Insights Revealed.... Join us for a live webcast as we explore new survey results with the experts!

Accellion Kiteworks Multiple Vulnerabilities

Gauge showing high severity reading for a security advisory

Share

Release Date

Sept. 15, 2016

Patch Date

Aug. 26, 2016

Reported Date

May 21, 2016

Vendor

Accellion

Systems Affected

Versions of the appliance prior to version kw2016.03.0.

Summary

Three vulnerabilities were discovered in the Accellion Kiteworks appliance. The three vulnerabilities consisted of issues directly pertaining to incorrect default permissions, cross-site scripting, and path traversal.

Vendor Status

Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. The separate vulnerabilities were each given CVEs: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.

Researchers

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.


Default fox headshot purple

About the author, Shubham Shah

Bishop Fox Alumnus

Shubham Shah is a security researcher. He was formerly a consultant at Bishop Fox.
More by Shubham

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.