PT-2023-27234 · Ipswitch · Ws Ftp Server

Published: 2023-09-27 · Updated: 2023-09-27 · CVE-2023-40048

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WS FTP Server versions prior to 8.8.2

Description

The WS FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS FTP Server administrative function. This issue affects WS FTP Server versions prior to 8.8.2.

Recommendations

For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent cross-site request forgery (CSRF) attacks on the WS FTP Server Manager interface.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-40048

Affected Products

Ws Ftp Server