Vulnerabilities > Progress > WS FTP Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-28 | CVE-2024-7745 | Improper Authentication vulnerability in Progress WS FTP Server In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | 8.1 |
| 2023-11-07 | CVE-2023-42659 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. | 8.8 |
| 2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 |
| 2023-09-27 | CVE-2023-40046 | SQL Injection vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. | 7.2 |
| 2023-02-03 | CVE-2023-24029 | Incorrect Authorization vulnerability in Progress WS FTP Server In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 7.2 |