Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 6 of 6
Filters:
Acclaim Systems | USAHERDS

CVE-2021-44207

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability : Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.

Related CWE: CWE-798

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.
  • Date Added: 2024-12-23
  • Due Date: 2025-01-13
Additional Notes
https://www.acclaimsystems.com/#contact ; https://www.tnatc.org/#contact ; https://nvd.nist.gov/vuln/detail/CVE-2021-44207
Acronis | Cyber Infrastructure (ACI)

CVE-2023-45249

Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

Related CWE: CWE-1393

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-29
  • Due Date: 2024-08-19
Additional Notes
https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Accellion | FTA

CVE-2021-27104

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27104
Accellion | FTA

CVE-2021-27102

Accellion FTA OS Command Injection Vulnerability: Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

Related CWEs: CWE-20| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27102
Accellion | FTA

CVE-2021-27101

Accellion FTA SQL Injection Vulnerability: Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Related CWEs: CWE-89| CWE-138

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27101
Accellion | FTA

CVE-2021-27103

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability: Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27103

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now