Lucene search

ProgressSoftwareCVELIST:CVE-2023-40046

HistorySep 27, 2023 - 2:50 p.m.

CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface

2023-09-2714:50:18

CWE-89

ProgressSoftware

www.cve.org

ws_ftp server

sql injection

version 8.7.4

version 8.8.2

administrative interface

database vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

In WS_FTP Server versions prior to 8.7.4 and 8.8.2,

a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Server Manager"
    ],
    "product": "WS_FTP Server",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "8.8.2",
        "status": "affected",
        "version": "8.8.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.7.4",
        "status": "affected",
        "version": "8.7.0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

www.progress.com/ws_ftp

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for CVELIST:CVE-2023-40046