Cross-Site Request Forgery Vulnerability in Progress WS_FTP Server
CVE-2022-36968

4.3MEDIUM

Key Information:

Vendor: Progress
Status: Ipswitch Ws Ftp Server
Vendor: CVE Published:; 2 August 2022

Summary

The WS_FTP Server developed by Progress contains a vulnerability due to the absence of a nonce in forms within its administrative interface. This oversight may allow malicious actors to exploit the application through cross-site request forgery (CSRF) attacks, potentially leading to unauthorized actions being performed without the consent of the authenticated user. It is crucial for users of versions prior to 8.7.3 to address this vulnerability to maintain the integrity and security of their systems.

References

https://www.progress.com/ws_ftp

x_refsource_MISC

https://community.progress.com/s/article/WS-FTP-Server-Cr...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2022
Vulnerability Reserved
Jul 27, 2022