Vulnerabilities > Melag > FTP Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2021-41635 | Incorrect Default Permissions vulnerability in Melag FTP Server 2.2.0.4 When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | 8.8 |
| 2022-06-24 | CVE-2021-41637 | Incorrect Default Permissions vulnerability in Melag FTP Server 2.2.0.4 Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | 7.1 |
| 2022-06-24 | CVE-2021-41638 | Improper Authentication vulnerability in Melag FTP Server 2.2.0.4 The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | 7.5 |