Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7744

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)

Published

2024-08-28T17:15:11.380

Last Modified

2024-09-04T17:57:51.657

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
CWE-73
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	ws_ftp_server	< 8.8.8	Yes

References

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 Vendor Advisory ([email protected])
https://www.progress.com/ftp-server Product ([email protected])