This is a logo for Kiteworks, which recently remediated three Bishop Fox vulnerabilities.


Accellion Kiteworks Multiple Vulnerabilities

Release Date: Sept. 15, 2016

Patch Date: Aug. 26, 2016

Reported Date: May 21, 2016



Systems Affected:

Versions of the appliance prior to version kw2016.03.0.


Three vulnerabilities were discovered in the Accellion Kiteworks appliance: incorrect default permissions, cross-site scripting, and path traversal.

Vendor Status:

Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. Each vulnerability was assigned its own CVE: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.