Vulnerability Note VU#305607
Accellion Kiteworks contains multiple vulnerabilities
The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities.
CWE-276: Incorrect Default Permissions - CVE-2016-5662
An unauthenticated user may be able to conduct cross-site scripting attacks or read limited files from the appliance. An authenticated user may be able to elevate privileges of commands to root.
Apply an update
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Accellion | Affected | - | 16 Aug 2016 |
Thanks to Shubham Shah for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5662 CVE-2016-5663 CVE-2016-5664
- Date Public: 23 Aug 2016
- Date First Published: 26 Aug 2016
- Date Last Updated: 26 Aug 2016
- Document Revision: 30