
Title:

Accellion Kiteworks Multiple Vulnerabilities

Release Date:

Sept. 15, 2016

Patch Date:

Aug. 26, 2016

Reported Date:

May 21, 2016

Vendor:

Accellion

Systems Affected:

Versions of the appliance prior to version kw2016.03.0.

Summary:

Three vulnerabilities were discovered in the Accellion Kiteworks appliance: incorrect default permissions, cross-site scripting, and path traversal.

Vendor Status:

Accellion was immediately contacted via CERT, and we worked with Accellion through CERT in the coordinated disclosure process. Each vulnerability was assigned its own CVE: CVE-2016-5662, CVE-2016-5663, and CVE-2016-5664. A further write-up can be found here.

Researcher(s):