CVE-2022-36968

Name of the Vulnerable Software and Affected Versions In Progress WS FTP Server versions prior to 8.7.3

Description The issue concerns forms within the administrative interface that did not include a nonce, which is used to mitigate the risk of cross-site request forgery (CSRF) attacks. CSRF attacks involve tricking a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For versions prior to 8.7.3, update to version 8.7.3 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to detect and prevent CSRF attacks, such as manually adding a nonce to forms or using other anti-CSRF techniques.