| CVE ID | CVE-2024-7744 |
| CVSS SCORE | 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| AFFECTED VENDORS |
Progress Software |
| AFFECTED PRODUCTS |
WS_FTP |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler module. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. |
| ADDITIONAL DETAILS |
Progress Software has issued an update to correct this vulnerability. More details can be found at:
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Le Ngoc Anh (@L3ng0c4nh) of Sun* CSR and @dieulink of NCSC VietNam |
