Vulnerabilities > Progress > WS FTP Server > 8.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-28 | CVE-2024-7744 | Path Traversal vulnerability in Progress WS FTP Server In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:) | 6.5 |
2024-08-28 | CVE-2024-7745 | Improper Authentication vulnerability in Progress WS FTP Server In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | 8.1 |
2024-02-21 | CVE-2024-1474 | Cross-site Scripting vulnerability in Progress WS FTP Server In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. | 6.1 |