In addition to seven other bugs, Progress Software has issued hotfixes for a significant security hole in the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server manager interface.
The bug, identified as CVE-2023-40044, has a maximum severity CVSS score of 10.0. The bug affects all releases of the software.
“In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system,” the business noted in an alert.
The vulnerability was found and reported by Assetnote security researchers Sean Yeoh and Shubham Shah.