Ws Ftp Server
Approved changes feed: RSS · Atom
cpe:2.3:a:progress_software_corporation:ws_ftp_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Progress Software Corporation (936a4410-8e02-5d5c-938a-4a1509e8d7ef) |
|---|---|
| Product | Ws Ftp Server (e656b659-f1a4-530b-9b33-e349989fdb15) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9999 |
vulnerable | 2026-06-03 14:58:23.066534 |
Multi-Factor Authentication Bypass in Progress WS_FTP Server
MEDIUM (6.5)
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
Published: 2024-11-12T16:33:00.600Z
Updated: 2024-11-12T17:19:06.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7745 |
vulnerable | 2026-06-03 14:58:07.091390 |
Multi-Factor Authentication Bypass in Progress WS_FTP Server
MEDIUM (6.5)
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
Published: 2024-08-28T16:31:03.604Z
Updated: 2024-08-28T17:43:13.099Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7744 |
vulnerable | 2026-06-03 14:58:07.089925 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
MEDIUM (6.5)
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.
An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
Published: 2024-08-28T16:30:14.787Z
Updated: 2024-08-28T17:50:10.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-42659 |
vulnerable | 2026-06-03 14:52:53.858489 |
WS_FTP Server Arbitrary File Upload
CRITICAL (9.1)
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Published: 2023-11-07T15:13:40.001Z
Updated: 2024-09-04T15:24:41.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-42657 |
vulnerable | 2026-06-03 14:52:53.854587 |
WS_FTP Server Directory Traversal
CRITICAL (9.9)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
Published: 2023-09-27T14:49:03.093Z
Updated: 2024-09-24T14:19:21.640Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40049 |
vulnerable | 2026-06-03 14:52:42.439991 |
WS_FTP Server Information Disclosure via Directory Listing
MEDIUM (5.3)
In WS_FTP Server version prior to 8.8.2,
an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
Published: 2023-09-27T14:52:04.667Z
Updated: 2024-09-24T14:38:11.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40048 |
vulnerable | 2026-06-03 14:52:42.439554 |
WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
MEDIUM (6.8)
In WS_FTP Server version prior to 8.8.2,
the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
Published: 2023-09-27T14:51:35.413Z
Updated: 2024-09-23T15:06:42.221Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40047 |
vulnerable | 2026-06-03 14:52:42.439201 |
WS_FTP Server Stored Cross-Site Scripting Vulnerability
HIGH (8.3)
In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Published: 2023-09-27T14:50:55.329Z
Updated: 2024-09-24T14:36:57.450Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40046 |
vulnerable | 2026-06-03 14:52:42.438635 |
WS_FTP Server SQL Injection via Administrative Interface
HIGH (8.2)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2,
a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Published: 2023-09-27T14:50:18.549Z
Updated: 2024-09-23T15:07:01.880Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40045 |
vulnerable | 2026-06-03 14:52:42.438125 |
WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability
HIGH (8.3)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2,
a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
Published: 2023-09-27T14:49:45.334Z
Updated: 2024-09-24T14:25:59.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40044 |
vulnerable | 2026-06-03 14:52:42.436710 |
WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
CRITICAL (10)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
Published: 2023-09-27T14:48:08.190Z
Updated: 2025-10-21T23:05:36.645Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.