Accellion Kiteworks Multiple Vulnerabilities
Sept. 15, 2016
Aug. 26, 2016
May 21, 2016
Versions of the appliance prior to version kw2016.03.0.
Three vulnerabilities were discovered in the Accellion Kiteworks appliance. The three vulnerabilities consisted of issues directly pertaining to incorrect default permissions, cross-site scripting, and path traversal.
Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. The separate vulnerabilities were each given CVEs: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.
- Shubham Shah of Bishop Fox
- Topaz A. of Loop Technology