CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9999 – Multi-Factor Authentication Bypass in Progress WS_FTP Server
https://notcve.org/view.php?id=CVE-2024-9999
12 Nov 2024 — In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2024 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7745 – Multi-Factor Authentication Bypass in Progress WS_FTP Server
https://notcve.org/view.php?id=CVE-2024-7745
28 Aug 2024 — In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 • CWE-290: Authentication Bypass by Spoofing CWE-304: Missing Critical Step in Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7744 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server
https://notcve.org/view.php?id=CVE-2024-7744
28 Aug 2024 — In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:) This vulnerability... • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •