Progress: >> Ws Ftp Server >> 8.8.4 Security Vulnerabilities
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.
An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-28
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-28
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-21