Progress WS_FTP Server vulnerabilities
28 known vulnerabilities affecting progress/ws_ftp_server.
Total CVEs: 28
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 15
Vulnerabilities
Page 2 of 2
CVE-2023-40048 | P4 | MEDIUM | CVSS 6.5 | fixed in 8.8.2 | 2023-09-27
CVE-2023-40048 [MEDIUM] CWE-352
In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
nvd
CVE-2023-40049 | P4 | MEDIUM | CVSS 5.3 | fixed in 8.8.2 | 2023-09-27
CVE-2023-40049 [MEDIUM] CWE-200
In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
nvd
CVE-2004-1885 | P4 | HIGH | CVSS 7.2 | v4.0.2 | 2004-12-31
CVE-2004-1885 [HIGH]
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
nvd
CVE-2019-12143 | P4 | MEDIUM | CVSS 5.3 | fixed in 8.6.1 | 2019-06-11
CVE-2019-12143 [MEDIUM] CWE-22
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
nvd
CVE-2023-40045 | P4 | MEDIUM | CVSS 6.1 | fixed in 8.7.4 | ≥ 8.8, < 8.8.2 | 2023-09-27
CVE-2023-40045 [MEDIUM] CWE-79
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser.
nvd
CVE-2024-1474 | P4 | MEDIUM | CVSS 6.1 | fixed in 8.8.5 | 2024-02-21
CVE-2024-1474 [MEDIUM] CWE-79
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
nvd
CVE-2004-1848 | P4 | MEDIUM | CVSS 5.0 | v1.0.1, v1.0.2, +16 more | 2004-12-31
CVE-2004-1848 [MEDIUM] CWE-399
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
nvd
CVE-2023-40047 | P4 | MEDIUM | CVSS 4.8 | fixed in 8.8.2 | 2023-09-27
CVE-2023-40047 [MEDIUM] CWE-79
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker cou
nvd