all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server

Add to bookmarks
Oct. 2, 2023, 5:11 p.m. | Satnam Narang

Cyber Exposure Alerts www.tenable.com

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10


Background


On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server, a secure file transfer solution, addressing eight vulnerabilities. Of the eight vulnerabilities, two are rated as critical:



CVE
Description
Vendor Assigned CVSSv3
VPR*
Severity
CVE-2023-40044
WS_FTP .NET Deserialization Vulnerability in Ad Hoc Transfer Module
10.0
9.2
Critical
CVE-2023-42657 …

advisory critical cve cvss file file transfer flaws patches product progress progress software protocol rating september server software solution transfer vulnerabilities ws_ftp

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability 2 days, 12 hours ago | www.tenable.com
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs 4 days, 7 hours ago | www.tenable.com
access advisory automation best practices +22
CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server 5 days, 17 hours ago | www.tenable.com
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action … 6 days, 16 hours ago | www.tenable.com
abusing action attention azure +16
CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild 1 week, 4 days ago | www.tenable.com
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 3 weeks, 5 days ago | www.tenable.com
addresses critical critical vulnerability cve +15
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 month ago | www.tenable.com
big big-ip big-ip next central manager centralized management +18
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 1 month, 2 weeks ago | www.tenable.com
adaptive security arcanedoor blog called +15
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 month, 2 weeks ago | www.tenable.com
advisory april crushftp customers +23

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com