exploitDog

CVE-2023-24029

Опубликовано: 03 фев. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

Ссылки

https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-January-2023?popup=true
Vendor Advisory
https://www.progress.com/ws_ftp
Product
Vendor Advisory
https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-January-2023?popup=true
Vendor Advisory
https://www.progress.com/ws_ftp
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

Версия до 8.8 (исключая)

EPSS

Процентиль: 44%

0.00217

Низкий

7.2 High

CVSS3

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-pc24-6vhp-r88j

CVSS3: 7.2

github

около 3 лет назад

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

EPSS

Процентиль: 44%

0.00217

Низкий

7.2 High

CVSS3

Дефекты

CWE-863

CWE-863