CVE-2019-12146

Name of the Vulnerable Software and Affected Versions Progress ipswitch WS FTP Server versions prior to 8.6.1

Description A Directory Traversal issue was discovered in SSHServerAPI.dll. Attackers can abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.

Recommendations For versions prior to 8.6.1, update to version 8.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCP listener to minimize the risk of exploitation.