What is CVE-2016-9500?

CVE-2016-9500 is a vulnerability found in Accellion FTP server prior to version FTA_9_12_220.

What is the severity of CVE-2016-9500?

CVE-2016-9500 has a severity value of 6.1, which is considered medium.

How does CVE-2016-9500 affect Accellion FTP server?

CVE-2016-9500 affects Accellion FTP server versions prior to FTA_9_12_220 by making it susceptible to cross-site scripting due to vulnerabilities in the Accusoft Prizm Content flash component.

What is Accusoft Prizm Content flash component?

Accusoft Prizm Content flash component is a component used by Accellion FTP server that contains multiple parameters which are vulnerable to cross-site scripting.

How can I fix CVE-2016-9500?

To fix CVE-2016-9500, it is recommended to update Accellion FTP server to version FTA_9_12_220 or later to patch the vulnerabilities in the Accusoft Prizm Content flash component.

Vulnerability/
CVE-2016-9500

medium

6.1

CWE

79 80

13/7/2018

6/8/2024

CVE-2016-9500: The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure

First published: Fri Jul 13 2018(Updated: )

Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Accellion FTP server	<fta_9_12_220

Remedy

Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2016-9500?
CVE-2016-9500 is a vulnerability found in Accellion FTP server prior to version FTA_9_12_220.
What is the severity of CVE-2016-9500?
CVE-2016-9500 has a severity value of 6.1, which is considered medium.
How does CVE-2016-9500 affect Accellion FTP server?
CVE-2016-9500 affects Accellion FTP server versions prior to FTA_9_12_220 by making it susceptible to cross-site scripting due to vulnerabilities in the Accusoft Prizm Content flash component.
What is Accusoft Prizm Content flash component?
Accusoft Prizm Content flash component is a component used by Accellion FTP server that contains multiple parameters which are vulnerable to cross-site scripting.
How can I fix CVE-2016-9500?
To fix CVE-2016-9500, it is recommended to update Accellion FTP server to version FTA_9_12_220 or later to patch the vulnerabilities in the Accusoft Prizm Content flash component.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/references
agent/author
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/accellion
canonical/accellion ftp server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.