CVE-2002-0978

Name of the Vulnerable Software and Affected Versions: Microsoft File Transfer Manager (FTM) versions prior to 4.0

Description: The issue allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack. This is achieved by modifying the TGT and TGN parameters in a call to the Persist function.

Recommendations: For versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Persist function to minimize the risk of exploitation. Avoid using the TGT and TGN parameters in the affected API endpoint until the issue is resolved.