Lucene search

[email protected]NVD:CVE-2023-40046

HistorySep 27, 2023 - 3:18 p.m.

CVE-2023-40046

2023-09-2715:18:58

CWE-89

[email protected]

web.nvd.nist.gov

ws_ftp server

sql injection

vulnerability

database

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

Affected configurations

Nvd

Node

progressws_ftp_serverRange<8.7.4

progressws_ftp_serverRange8.8–8.8.2

VendorProductVersionCPE
progressws_ftp_server*cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	ws_ftp_server	*	cpe:2.3:a:progress:ws_ftp_server::::::::

References

community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

www.progress.com/ws_ftp

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2023-40046

prion1 cvelist1 vulnrichment1 cve1 nessus1 thn1 rapid7blog1