216.73.217.64

CVE-2024-7744

· Published 28/08/2024 17:15 · Modified 04/09/2024 17:57

Labels: CVE-2024-7744 2024-08-28CVE-2024-7744CWE-22[email protected]

Essential information

Published
28/08/2024 17:15
Modified
04/09/2024 17:57
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
progress / ws ftp server cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

References