all InfoSec news
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
Cyber Exposure Alerts www.tenable.com
Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
Background
On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server, a secure file transfer solution, addressing eight vulnerabilities. Of the eight vulnerabilities, two are rated as critical:
CVE | Description | Vendor Assigned CVSSv3 | VPR* | Severity |
---|---|---|---|---|
CVE-2023-40044 | WS_FTP .NET Deserialization Vulnerability in Ad Hoc Transfer Module | 10.0 | 9.2 | Critical |
CVE-2023-42657 … |
advisory critical cve cvss file file transfer flaws patches product progress progress software protocol rating september server software solution transfer vulnerabilities ws_ftp