exploitDog

CVE-2023-42659

Опубликовано: 07 нояб. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 8.8

EPSS Низкий

Описание

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.

Ссылки

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Vendor Advisory
https://www.progress.com/ws_ftp
Product
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Vendor Advisory
https://www.progress.com/ws_ftp
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

Версия до 8.7.6 (исключая)

cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

Версия от 8.8.0 (включая) до 8.8.4 (исключая)

EPSS

Процентиль: 10%

0.00036

Низкий

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

EPSS

Процентиль: 10%

0.00036

Низкий

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434