Lucene search

MitreCVE-2022-36968

HistoryAug 02, 2022 - 10:15 p.m.

CVE-2022-36968

2022-08-0222:15:08

CWE-352

mitre

web.nvd.nist.gov

cve-2022-36968

ws_ftp server

csrf

cross-site request forgery

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

Affected configurations

Nvd

Node

progressipswitch_ws_ftp_serverRange<8.7.3

VendorProductVersionCPE
progressipswitch_ws_ftp_server*cpe:2.3:a:progress:ipswitch_ws_ftp_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	ipswitch_ws_ftp_server	*	cpe:2.3:a:progress:ipswitch_ws_ftp_server::::::::

References

community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-June-2022

www.progress.com/ws_ftp

Social References

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2022-36968