Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0793
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Progress WS_FTP Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WS_FTP Server 2020.0.4 versions ant\u00e9rieures \u00e0 8.7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Progress",
"scada": false
}
}
},
{
"description": "WS_FTP Server 2022.0.2 versions ant\u00e9rieures \u00e0 8.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Progress",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40045"
},
{
"name": "CVE-2023-42657",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42657"
},
{
"name": "CVE-2022-27665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27665"
},
{
"name": "CVE-2023-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40048"
},
{
"name": "CVE-2023-40046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40046"
},
{
"name": "CVE-2023-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40044"
},
{
"name": "CVE-2023-40047",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40047"
},
{
"name": "CVE-2023-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40049"
}
],
"initial_release_date": "2023-09-29T00:00:00",
"last_revision_date": "2023-09-29T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0793",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Progress WS_FTP\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Progress WS_FTP Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Progress du 27 septembre 2023",
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
]
}
CVE-2023-40046 (GCVE-0-2023-40046)
Vulnerability from cvelistv5
Published
2023-09-27 14:50
Modified
2024-09-23 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
In WS_FTP Server versions prior to 8.7.4 and 8.8.2,
a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ Version: 8.7.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T14:51:09.369151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:07:01.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Server Manager"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-27T14:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn WS_FTP Server versions prior to 8.7.4 and 8.8.2,\u003c/span\u003e\n\n a SQL injection vulnerability exists in the WS_FTP Server manager interface. A\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2,\n\n a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:23:03.495Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server SQL Injection via Administrative Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40046",
"datePublished": "2023-09-27T14:50:18.549Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-23T15:07:01.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40045 (GCVE-0-2023-40045)
Vulnerability from cvelistv5
Published
2023-09-27 14:49
Modified
2024-09-24 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
In WS_FTP Server versions prior to 8.7.4 and 8.8.2,
a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ Version: 8.7.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ws_ftp_server",
"vendor": "progress",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:24:20.092433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:25:59.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Ad Hoc Transfer Module"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cristian Mocanu - Deloitte"
}
],
"datePublic": "2023-09-27T14:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2,\n\n a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server\u0027s Ad Hoc Transfer module.\u0026nbsp; An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\u003c/p\u003e"
}
],
"value": "\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2,\n\n a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server\u0027s Ad Hoc Transfer module.\u00a0 An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:21:31.211Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40045",
"datePublished": "2023-09-27T14:49:45.334Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-24T14:25:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27665 (GCVE-0-2022-27665)
Vulnerability from cvelistv5
Published
2023-04-03 00:00
Modified
2024-11-27 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dievus/CVE-2022-27665"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T14:47:32.188150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T14:47:52.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T19:43:13.643126",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm"
},
{
"url": "https://github.com/dievus/CVE-2022-27665"
},
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27665",
"datePublished": "2023-04-03T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-11-27T14:47:52.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40044 (GCVE-0-2023-40044)
Vulnerability from cvelistv5
Published
2023-09-27 14:48
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ Version: 8.7.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/02/ws_ftp_update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044"
},
{
"tags": [
"x_transferred"
],
"url": "https://censys.com/cve-2023-40044/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40044",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:29:04.428335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-40044"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:36.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-40044"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-05T00:00:00+00:00",
"value": "CVE-2023-40044 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Ad Hoc Transfer Module"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shubham Shah - Assetnote"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sean Yeoh - Assetnote"
}
],
"datePublic": "2023-09-27T14:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn WS_FTP Server versions prior to 8.7.4 and 8.8.2\u003c/span\u003e, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T16:06:10.768Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
},
{
"url": "https://www.theregister.com/2023/10/02/ws_ftp_update/"
},
{
"url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/"
},
{
"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044"
},
{
"url": "https://censys.com/cve-2023-40044/"
},
{
"url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"
},
{
"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40044",
"datePublished": "2023-09-27T14:48:08.190Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2025-10-21T23:05:36.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42657 (GCVE-0-2023-42657)
Vulnerability from cvelistv5
Published
2023-09-27 14:49
Modified
2024-09-24 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ Version: 8.7.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ws_ftp_server",
"vendor": "progress",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:16:29.536741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:19:21.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"WS_FTP Server File System"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThan": "8.7.4",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-27T14:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.\u0026nbsp; An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.\u0026nbsp; Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.\u003cbr\u003e"
}
],
"value": "\n\n\nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.\u00a0 An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.\u00a0 Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:20:51.807Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-42657",
"datePublished": "2023-09-27T14:49:03.093Z",
"dateReserved": "2023-09-12T13:30:29.571Z",
"dateUpdated": "2024-09-24T14:19:21.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40048 (GCVE-0-2023-40048)
Vulnerability from cvelistv5
Published
2023-09-27 14:51
Modified
2024-09-23 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
In WS_FTP Server version prior to 8.8.2,
the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T14:46:05.231463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:06:42.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Server Manager"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cristian Mocanu - Deloitte"
}
],
"datePublic": "2023-09-27T14:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nIn WS_FTP Server version prior to 8.8.2,\n\n the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function."
}
],
"value": "\n\n\nIn WS_FTP Server version prior to 8.8.2,\n\n the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:23:59.241Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40048",
"datePublished": "2023-09-27T14:51:35.413Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-23T15:06:42.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40049 (GCVE-0-2023-40049)
Vulnerability from cvelistv5
Published
2023-09-27 14:52
Modified
2024-09-24 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
In WS_FTP Server version prior to 8.8.2,
an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ws_ftp_server",
"vendor": "progress",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:37:24.686921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:38:11.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cristian Mocanu - Deloitte"
}
],
"datePublic": "2023-09-27T14:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nIn WS_FTP Server version prior to 8.8.2,\n\n an unauthenticated user could enumerate files under the \u0027WebServiceHost\u0027 directory listing."
}
],
"value": "\n\n\nIn WS_FTP Server version prior to 8.8.2,\n\n an unauthenticated user could enumerate files under the \u0027WebServiceHost\u0027 directory listing."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:24:13.213Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Information Disclosure via Directory Listing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40049",
"datePublished": "2023-09-27T14:52:04.667Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-24T14:38:11.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40047 (GCVE-0-2023-40047)
Vulnerability from cvelistv5
Published
2023-09-27 14:50
Modified
2024-09-24 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WS_FTP Server |
Version: 8.8.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ws_ftp_server",
"vendor": "progress",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:29:42.866762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:36:57.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Server Manager"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cristian Mocanu - Deloitte"
}
],
"datePublic": "2023-09-27T14:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn WS_FTP Server version prior to 8.8.2,\u0026nbsp;\u003c/span\u003ea stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server\u0027s Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.\u0026nbsp; Once the cross-site scripting payload is successfully stored,\u0026nbsp;\u0026nbsp;an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\n\n\u003c/p\u003e\n\n"
}
],
"value": "\n\n\nIn WS_FTP Server version prior to 8.8.2,\u00a0a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server\u0027s Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads.\u00a0 Once the cross-site scripting payload is successfully stored,\u00a0\u00a0an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T15:23:44.201Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/ws_ftp"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WS_FTP Server Stored Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40047",
"datePublished": "2023-09-27T14:50:55.329Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-24T14:36:57.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…