all InfoSec news
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
Cyber Exposure Alerts www.tenable.com
Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
Background
On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server, a secure file transfer solution, addressing eight vulnerabilities. Of the eight vulnerabilities, two are rated as critical:
CVE
Description
Vendor Assigned CVSSv3
VPR*
Severity
CVE-2023-40044
WS_FTP .NET Deserialization Vulnerability in Ad Hoc Transfer Module
10.0
9.2
Critical
CVE-2023-42657 …
advisory critical cve cvss file file transfer flaws patches product progress progress software protocol rating september server software solution transfer vulnerabilities ws_ftp