Lucene search
ProgressSoftwareCVE-2024-7745HistoryAug 28, 2024 - 5:15 p.m.
CVE-2024-7745
2024-08-2817:15:11
CWE-290
CWE-304
CWE-287
ProgressSoftware
web.nvd.nist.gov
29
ws_ftp server
vulnerability
multi-factor authentication
web transfer module
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
31.0%
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
Affected configurations
Node
progressws_ftp_serverRange<8.8.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | ws_ftp_server | * | cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WS_FTP Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "8.8.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
2024-08-28 16:31:03
nvd
nvd
CVE-2024-7745
2024-08-28 17:15:11
cvelist
cvelist
CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server
2024-08-28 16:31:03
nessus
nessus
Progress WS_FTP Server < 8.8.8 Multiple Vulnerabilities
2024-09-05 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
31.0%
Related for CVE-2024-7745