Accellion: >> Kiteworks >> 7.3.0 Security Vulnerabilities
Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-11-29
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-06-23
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-06-23
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-05-24