Vulnerability Description
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
CVSS Score
5.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Accellion | Ftp Server | < fta_9_12_220 |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/745607Third Party AdvisoryUS Government Resource
- https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdfExploitThird Party Advisory
- https://www.securityfocus.com/bid/96154Third Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/745607Third Party AdvisoryUS Government Resource
- https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdfExploitThird Party Advisory
- https://www.securityfocus.com/bid/96154Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-9499?
CVE-2016-9499 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts an...
How severe is CVE-2016-9499?
CVE-2016-9499 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9499?
Check the references section above for vendor advisories and patch information. Affected products include: Accellion Ftp Server.