Vulnerability Details CVE-2019-12146
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.7%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2019-12146
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1.e
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2.e
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.3
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.4
-
cpe:2.3:a:ipswitch:ws_ftp_server:1.0.5
-
cpe:2.3:a:ipswitch:ws_ftp_server:2.0
-
cpe:2.3:a:ipswitch:ws_ftp_server:2.0.1
-
cpe:2.3:a:ipswitch:ws_ftp_server:2.0.2
-
cpe:2.3:a:ipswitch:ws_ftp_server:2.0.3
-
cpe:2.3:a:ipswitch:ws_ftp_server:2.0.4
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.0
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.1
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.1.1
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.1.2
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.1.3
-
cpe:2.3:a:ipswitch:ws_ftp_server:3.4
-
cpe:2.3:a:ipswitch:ws_ftp_server:4.0
-
cpe:2.3:a:ipswitch:ws_ftp_server:4.0.1
-
cpe:2.3:a:ipswitch:ws_ftp_server:4.0.2
-
cpe:2.3:a:ipswitch:ws_ftp_server:5.0.2
-
cpe:2.3:a:ipswitch:ws_ftp_server:5.0.3
-
cpe:2.3:a:ipswitch:ws_ftp_server:5.0.4
-
cpe:2.3:a:ipswitch:ws_ftp_server:5.0.5
-
cpe:2.3:a:ipswitch:ws_ftp_server:5.0.8
-
cpe:2.3:a:ipswitch:ws_ftp_server:6.1.0.0
-
cpe:2.3:a:ipswitch:ws_ftp_server:7.5.1