CVE-2023-24029

Published: Feb 3, 2023Modified: Mar 26, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

Affected (1)

Products: Progress: Ws Ftp Server

Progress

1 product

Ws Ftp Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Progress Ws Ftp Server	Before 8.8

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-January-2023?popup=true

Source: cve@mitre.org

Vendor Advisory

https://www.progress.com/ws_ftp

Source: cve@mitre.org

ProductVendor Advisory

https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-January-2023?popup=true

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.progress.com/ws_ftp

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.