Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53939 | 1 Accellion | 1 Kiteworks | 2025-12-04 | N/A | 6.3 MEDIUM |
| Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0. | |||||
| CVE-2021-31586 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | |||||
| CVE-2021-31585 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | |||||
| CVE-2017-9421 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. | |||||