History: Aug 28, 2024 - 4:31 p.m.

CVE-2024-7745 Multi-Factor Authentication Bypass in Progress WS_FTP Server

2024-08-28 16:31:03
CWE-304
CWE-290
ProgressSoftware
www.cve.org
cve-2024-7745
multi-factor authentication bypass
ws_ftp server
web transfer module
second-factor verification
username and password

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 31.0%

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "WS_FTP Server",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "8.8.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
