{"vulnerability": "CVE-2021-27104", "sightings": [{"uuid": "0e617d6b-93a4-40fd-8c47-b89f1be63d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "MISP/7391b143-ed2a-4938-b1eb-1198b56048a3", "content": "", "creation_timestamp": "2021-02-23T15:58:16.000000Z"}, {"uuid": "45850c35-da5d-4614-8826-cc451a09b08e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "555e1058-064a-417a-879b-91d8813a4baa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:16.000000Z"}, {"uuid": "00c1b051-0311-4951-83d5-39fece5656aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:43.000000Z"}, {"uuid": "49b1ffe5-10cf-4945-afb8-fa182bfa2194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971171", "content": "", "creation_timestamp": "2024-12-24T20:25:19.242513Z"}, {"uuid": "2a54a572-6183-4483-9ee2-89328c937899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": 
"seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:54.000000Z"}, {"uuid": "feb29fe2-a7f9-4b58-abfc-4611cc069324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "MISP/7391b143-ed2a-4938-b1eb-1198b56048a3", "content": "", "creation_timestamp": "2025-04-19T08:05:45.000000Z"}, {"uuid": "e9942b2d-a892-4ad8-bad0-a908d982f1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "https://t.me/arpsyndicate/1239", "content": "#ExploitObserverAlert\n\nCVE-2021-27104\n\nDESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-27104. Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.\n\nFIRST-EPSS: 0.007790000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T15:22:15.000000Z"}, {"uuid": "607b0090-93c3-4a99-92f6-d8c0b5dd8160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-27104", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d2b20001-9f20-4c35-88ae-7f16d4961147", "content": "", "creation_timestamp": "2026-02-02T12:28:33.110507Z"}, {"uuid": "89a90cc4-c6d3-4b1c-b36b-5664f4469bb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13976", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-27104\n\ud83d\udd25 CVSS 
Score: N/A\n\ud83d\udd39 Description: Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.\n\ud83d\udccf Published: 2021-02-16T20:16:42.000Z\n\ud83d\udccf Modified: 2025-04-30T03:56:22.233Z\n\ud83d\udd17 References:\n1. https://www.accellion.com/products/fta/\n2. https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt", "creation_timestamp": "2025-04-30T04:12:32.000000Z"}, {"uuid": "a1906399-6d32-4a26-aa08-7f2fb1cf4172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-27104", "type": "seen", "source": "https://t.me/Russian_OSINT/875", "content": "\u200b\u200b\ud83d\ude94 The FBI has published a list of the 30 most popular vulnerabilities of the last 2 years\n\nCVE-2021-26855: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-26857: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-26858: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-27065: It is a Microsoft Exchange Server Remote Code Execution\nCVE-2021-22893: It is an Improper Authentication vulnerability that is marked as critical\nCVE-2021-22894: It is a buffer overflow vulnerability that enables an attacker to execute arbitrary code\nCVE-2021-22899: It is a command injection vulnerability that enables an attacker to execute remote code\nCVE-2021-22900: It is an Improper Control of Generation of Code vulnerability\nCVE-2021-27101: It is an Improper Neutralization of Special Elements used in an SQL Command\nCVE-2021-27102: It is an Improper 
Neutralization of Special Elements used in an OS Command\nCVE-2021-27103: It is a Server-Side Request Forgery (SSRF) vulnerability\nCVE-2021-27104: It is an Improper Neutralization of Special Elements used in an OS Command vulnerability\nCVE-2021-21985: It is an Improper Input Validation vulnerability\nCVE-2018-13379: It is an Improper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019)\nCVE-2020-12812: It is an Improper Authentication vulnerability\nCVE-2019-5591: It is a Missing Authentication for Critical Function vulnerability\nCVE-2019-19781: It is an Improper Limitation of a Pathname to a Restricted Directory \nCVE 2019-11510: It is an Improper Limitation of a Pathname to a Restricted Directory\nCVE 2018-13379: It is an Improper Limitation of a Pathname to a Restricted Directory \nCVE 2020-5902: It is an Inclusion of Functionality from Untrusted Control Sphere and Improper Limitation of a Pathname to a Restricted Directory vulnerability \nCVE 2020-15505: It is an Insufficient Information vulnerability\nCVE-2017-11882: It is a Microsoft Office Memory Corruption vulnerability that enables an attacker to execute arbitrary code.\nCVE-2019-11580: It is an Insufficient Information vulnerability\nCVE-2018-7600: It is an Improper Input Validation vulnerability\nCVE 2019-18935: It is a Deserialization of Untrusted Data vulnerability\nCVE-2019-0604: It is a Microsoft SharePoint Remote Code Execution Vulnerability\nCVE-2020-0787: It is a Windows Background Intelligent Transfer Service Elevation of Privilege vulnerability\nCVE-2020-1472: It is a Netlogon Elevation of Privilege vulnerability \nCVE-2020-15505: It is an Insufficient Information vulnerability\nCVE-2020-0688: It is a Use of Hard-coded Credentials vulnerability", "creation_timestamp": "2021-07-29T17:59:02.000000Z"}, {"uuid": "630c6d66-cb66-498f-9166-b727ba901b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2021-27104", "type": "seen", "source": "https://t.me/cibsecurity/23687", "content": "\u203c CVE-2021-27104 \u203c\n\nAccellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-17T00:48:03.000000Z"}]}