Lucene search
HistorySep 27, 2023 - 3:19 p.m.
CVE-2023-40048
ws_ftp server
csrf
vulnerability
administrative function
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
17.9%
In WS_FTP Server version prior to 8.8.2,
the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
Affected configurations
Node
progressws_ftp_serverRange<8.8.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | ws_ftp_server | * | cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2023-09-27 15:19:00
cvelist
cvelist
CVE-2023-40048 WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
2023-09-27 14:51:35
vulnrichment
vulnrichment
CVE-2023-40048 WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
2023-09-27 14:51:35
cve
cve
CVE-2023-40048
2023-09-27 15:19:00
nessus
nessus
Progress WS_FTP Server < 8.8.2 Multiple Vulnerabilities
2023-10-04 00:00:00
thn
thn
rapid7blog
rapid7blog
Critical Vulnerabilities in WS_FTP Server
2023-09-29 13:33:05
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
17.9%
Related for NVD:CVE-2023-40048