Lucene search

ProgressSoftwareVULNRICHMENT:CVE-2023-40046

HistorySep 27, 2023 - 2:50 p.m.

CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface

2023-09-2714:50:18

CWE-89

ProgressSoftware

github.com

ws_ftp server

sql injection

vulnerability

manager interface

database elements

cve-2023-40046

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

References

community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

www.progress.com/ws_ftp

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-40046