Skip to main content

Ws Ftp Server CVE-2023-40049

MEDIUM
Information Exposure (CWE-200)
2023-09-27 security@progress.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 27, 2023 - 15:19 nvd
MEDIUM 5.3

DescriptionNVD

In WS_FTP Server version prior to 8.8.2,

an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.

AnalysisAI

In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. Affected products include: Progress Ws Ftp Server. Version information: prior to 8.8.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-40044 HIGH POC
8.8 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization v

CVE-2019-12144 CRITICAL
9.8 Jun 11

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severit

CVE-2023-42657 CRITICAL
9.6 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. Rated critical s

CVE-2019-12146 CRITICAL
9.1 Jun 11

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rat

CVE-2023-42659 HIGH
8.8 Nov 07

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high sev

CVE-2024-7745 HIGH
8.1 Aug 28

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Tra

CVE-2019-12145 HIGH
7.5 Jun 11

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rat

CVE-2023-40046 HIGH
7.2 Sep 27

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager in

CVE-2023-24029 HIGH
7.2 Feb 03

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the admini

CVE-2024-7744 MEDIUM
6.5 Aug 28

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path

CVE-2023-40048 MEDIUM
6.5 Sep 27

In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSR

CVE-2024-1474 MEDIUM
6.1 Feb 21

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user suppl

Share

CVE-2023-40049 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy