CVE-2022-36968

2022-08-0221:58:52

mitre

www.cve.org

ws_ftp server

csrf

insecure forms

cve-2022-36968

AI Score

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

References

community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-June-2022

www.progress.com/ws_ftp