📄 Description (English)
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability — Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.
🤖 AI Executive Summary
Accellion FTA contains a critical SSRF vulnerability (CVSS 9.0) exploitable via crafted POST requests to wmProgressstat.html, allowing attackers to bypass authentication and access internal resources. This vulnerability has been actively exploited in the wild and poses immediate risk to organizations using Accellion FTA for secure file transfer. Patching is urgent as exploit code is publicly available.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 20, 2026 11:02
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in banking (SAMA-regulated institutions), government agencies (NCA oversight), healthcare providers, and energy sector (ARAMCO and subsidiaries) using Accellion FTA for secure document exchange face critical risk. Telecom operators (STC, Mobily) and financial services firms relying on Accellion for customer data transfer are particularly vulnerable. Attackers can access internal networks, exfiltrate sensitive data, and compromise authentication mechanisms without credentials.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Legal and Professional Services
Education and Research
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Accellion FTA instances in your environment and document their network locations
2. Isolate affected systems from production networks if patching cannot be completed within 24 hours
3. Enable enhanced logging on wmProgressstat.html endpoint and monitor for suspicious POST requests
4. Implement WAF rules to block POST requests to wmProgressstat.html containing suspicious parameters
PATCHING:
1. Apply Accellion security patches immediately (FTA 9_12_411 or later)
2. Verify patch installation by checking version numbers post-deployment
3. Conduct full regression testing before returning to production
COMPENSATING CONTROLS (if patching delayed):
1. Implement network segmentation to restrict Accellion FTA access to authorized IPs only
2. Deploy reverse proxy with strict input validation on wmProgressstat.html
3. Disable SSRF-prone functionality if business-critical
4. Implement IP whitelisting for all Accellion FTA communications
DETECTION:
1. Monitor for POST requests to wmProgressstat.html with unusual parameters or payloads
2. Alert on any outbound connections from Accellion FTA to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
3. Track failed authentication attempts followed by successful internal resource access
4. Log all requests containing URL-encoded internal IP addresses or localhost references
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حدد جميع مثيلات Accellion FTA في بيئتك وقم بتوثيق مواقعها على الشبكة
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إذا لم يتمكن من إكمال التصحيح في غضون 24 ساعة
3. تفعيل السجلات المحسنة على نقطة نهاية wmProgressstat.html ومراقبة طلبات POST المريبة
4. تنفيذ قواعد WAF لحظر طلبات POST إلى wmProgressstat.html التي تحتوي على معاملات مريبة
التصحيح:
1. تطبيق تصحيحات أمان Accellion على الفور (FTA 9_12_411 أو أحدث)
2. التحقق من تثبيت التصحيح بفحص أرقام الإصدار بعد النشر
3. إجراء اختبار انحدار كامل قبل العودة إلى الإنتاج
الضوابط البديلة (إذا تأخر التصحيح):
1. تنفيذ تقسيم الشبكة لتقييد وصول Accellion FTA إلى عناوين IP المصرح بها فقط
2. نشر وكيل عكسي مع التحقق الصارم من المدخلات على wmProgressstat.html
3. تعطيل الوظائف المعرضة للـ SSRF إذا كانت حرجة للعمل
4. تنفيذ قائمة بيضاء IP لجميع اتصالات Accellion FTA
الكشف:
1. مراقبة طلبات POST إلى wmProgressstat.html بمعاملات أو حمولات غير عادية
2. تنبيه الاتصالات الصادرة من Accellion FTA إلى نطاقات IP الداخلية
3. تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح إلى الموارد الداخلية
4. تسجيل جميع الطلبات التي تحتوي على عناوين IP الداخلية المشفرة بـ URL أو مراجع localhost
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.8.2.1 - User Access Management
A.12.2.1 - Restrictions on Software Installation
A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
ID.BE-1 - Governance and Risk Management
PR.AC-1 - Access Control Policy and Procedures
PR.PT-1 - Security Awareness and Training
DE.CM-1 - The network is monitored to detect potential cybersecurity events
RS.RP-1 - Response and Recovery Planning
🟡 ISO 27001:2022
A.5.1 - Management Direction for Information Security
A.6.1 - Internal Organization
A.8.1 - User Endpoint Devices
A.12.2 - Restrictions on Software Installation
A.12.6 - Management of Technical Vulnerabilities
A.14.2 - Security Requirements Analysis and Specification
🟣 PCI DSS v4.0
Requirement 6.2 - Ensure all system components and software are protected from known vulnerabilities
Requirement 11.2 - Run automated vulnerability scans
Requirement 12.2 - Implement a process for identifying and assigning ownership
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
Accellion:FTA