Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentProgressSoftwareVULNRICHMENT:CVE-2023-40048
HistorySep 27, 2023 - 2:51 p.m.

CVE-2023-40048 WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability

2023-09-2714:51:35
CWE-352
ProgressSoftware
github.com
1
ws_ftp server
csrf
vulnerability
version 8.8.2

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In WS_FTP Server version prior to 8.8.2,

the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.

Related

prion 1
cvelist 1
cve 1
nvd 1
nessus 1
thn 1
rapid7blog 1
prion
prion
Cross site request forgery (csrf)
2023-09-27 15:19:00
cvelist
cvelist
CVE-2023-40048 WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
2023-09-27 14:51:35
cve
cve
CVE-2023-40048
2023-09-27 15:19:00
nvd
nvd
CVE-2023-40048
2023-09-27 15:19:00
nessus
nessus
Progress WS_FTP Server < 8.8.2 Multiple Vulnerabilities
2023-10-04 00:00:00
thn
thn
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
2023-09-29 06:15:00
rapid7blog
rapid7blog
Critical Vulnerabilities in WS_FTP Server
2023-09-29 13:33:05

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score

7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2023-40048
prion1cvelist1cve1nvd1nessus1thn1rapid7blog1