New heights of PR BS

“Both the December Exploit and the January Exploit demonstrate a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software, likely obtained through extensive reverse engineering of the software.”

Now this is a carefully crafted statement for "we're a bunch of inept clowns and the security of our product was a PoS". I see a trend here: claim that a powerful state actor (the usual favorite villain), one that can afford to spend an inordinate amount of resources, did it. An adversary so powerful that nobody could resist, no matter how good our products are. That deflects public attention from your incompetence towards the harsh environment and the grave danger posed by foreign hackers.

Let's be clear here: it was nothing but a plain old SQL injection flaw in the FTA web interface, an XSS flaw in FTA's file manager, a blind SQL injection and a command injection flaw in FTA's administrative interface, and an unauthorized upload vulnerability. Looks like those brilliant devs at Accellion can't be bothered to visit the OWASP Top 10.
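To show what "plain old" means here, the following is an added example and not code from this page or from Accellion's product: a hypothetical login handler and file-manager helper written the textbook-vulnerable way (SQL injection via string concatenation, command injection via a shell command line) next to the parameterised and argv-based versions that close the hole. The table, the users and the attacker inputs are all constructed for the demonstration; the SQLite in-memory database stands in for whatever the real application uses.

```python
import sqlite3
import subprocess


def make_db():
    """Constructed in-memory user table standing in for the app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct-horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Textbook SQL injection: user input is spliced into the query text."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterised query: input travels as data and is never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def describe_file_vulnerable(filename):
    """Textbook command injection: the file name is glued into a shell command."""
    result = subprocess.run(
        "echo Processing " + filename, shell=True, capture_output=True, text=True
    )
    return result.stdout.strip().splitlines()


def describe_file_fixed(filename):
    """Argument vector with no shell: metacharacters in the name stay literal."""
    result = subprocess.run(
        ["echo", "Processing", filename], capture_output=True, text=True
    )
    return result.stdout.strip().splitlines()


if __name__ == "__main__":
    db = make_db()
    # Attacker-controlled username; the trailing "--" comments out the password check.
    payload = "admin' --"
    print("vulnerable login:", login_vulnerable(db, payload, "wrong"))  # admin
    print("fixed login:     ", login_fixed(db, payload, "wrong"))  # None
    # Attacker-controlled file name carrying a second shell command.
    evil = "report.txt; echo INJECTED"
    print("vulnerable shell:", describe_file_vulnerable(evil))  # two lines
    print("fixed argv:      ", describe_file_fixed(evil))  # one literal line
```

The vulnerable login accepts `admin' --` with any password because the comment marker swallows the rest of the WHERE clause; the parameterised version sends the same string as a bound value and gets no row. Likewise the shell-based helper executes the injected `echo INJECTED`, while the argv-based one prints the semicolon as part of the file name. Neither fix needs anything beyond what the standard library already offers, which is the point the paragraph above makes.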

