CVE-2023-42659

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type Values Removed Values Added
References () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 - Vendor Advisory () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 - Vendor Advisory
References () https://www.progress.com/ws_ftp - Product () https://www.progress.com/ws_ftp - Product
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.1

14 Nov 2023, 20:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Progress
Progress ws Ftp Server
References () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 - () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 - Vendor Advisory
References () https://www.progress.com/ws_ftp - () https://www.progress.com/ws_ftp - Product
CWE CWE-434
CPE cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

07 Nov 2023, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-07 16:15

Updated : 2024-11-21 08:22


NVD link : CVE-2023-42659

Mitre link : CVE-2023-42659

CVE.ORG link : CVE-2023-42659


JSON object : View

Products Affected

progress

  • ws_ftp_server
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type