
Accellion Kiteworks Multiple Vulnerabilities

[Image: severity gauge showing a high reading]


Release Date: Sept. 15, 2016

Patch Date: Aug. 26, 2016

Reported Date: May 21, 2016



Systems Affected

Versions of the appliance prior to version kw2016.03.0.


Three vulnerabilities were discovered in the Accellion Kiteworks appliance: incorrect default permissions, cross-site scripting, and path traversal.

Vendor Status

Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. Each vulnerability was assigned its own CVE: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.



About the author, Shubham Shah

Bishop Fox Alumnus

Shubham Shah is a security researcher. He was formerly a consultant at Bishop Fox.