Vulnerabilities > Progress > WS FTP Server > 8.8.2

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-7744 Path Traversal vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
network
low complexity
progress CWE-22
6.5
2024-08-28 CVE-2024-7745 Improper Authentication vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
network
low complexity
progress CWE-287
8.1
2024-02-21 CVE-2024-1474 Cross-site Scripting vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.
network
low complexity
progress CWE-79
6.1
2023-11-07 CVE-2023-42659 Unrestricted Upload of File with Dangerous Type vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified.
network
low complexity
progress CWE-434
8.8