PT-2023-27234 · Ipswitch · Ws Ftp Server

Publicado

2023-09-27

Atualizado

2023-09-27

CVE-2023-40048

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions WS FTP Server versions prior to 8.8.2

Description The WS FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS FTP Server administrative function. This issue affects WS FTP Server versions prior to 8.8.2.

Recommendations For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent cross-site request forgery (CSRF) attacks on the WS FTP Server Manager interface.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-40048

Produtos afetados

Ws Ftp Server

PT-2023-27234 · Ipswitch · Ws Ftp Server

CVE-2023-40048

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7