Pharos software is NOT susceptible to the new WS_FTP Vulnerability - October 2023
  • 05 Apr 2024

Background

Recently, 8 security vulnerabilities were discovered in the WS_FTP tool developed by Progress Software:

| CVE | Description | NVD CVSSv3 Score |
|---|---|---|
| CVE-2023-40044 | WS_FTP .NET Deserialization Vulnerability in Ad Hoc Transfer Module | 8.8 |
| CVE-2023-42657 | WS_FTP Directory Traversal Vulnerability | 9.6 |
| CVE-2023-40045 | WS_FTP Reflected Cross-Site Scripting (XSS) Vulnerability | 6.1 |
| CVE-2023-40046 | WS_FTP SQL Injection Vulnerability | 7.2 |
| CVE-2023-40047 | WS_FTP Stored XSS Vulnerability | 4.8 |
| CVE-2023-40048 | WS_FTP Cross-Site Request Forgery Vulnerability | 6.5 |
| CVE-2022-27665 | WS_FTP Reflected XSS Vulnerability | 6.1 |
| CVE-2023-40049 | WS_FTP Information Disclosure Vulnerability | 5.3 |

Two of these vulnerabilities are rated as "Critical" due to the relative ease of launching a remote execution attack. Patches are currently available from Progress Software for at least some of these issues.

Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.

Pharos Software and WS_FTP

Pharos has reviewed all of our software, third-party tools and libraries, and internal and cloud infrastructure. Pharos does NOT use the WS_FTP tool anywhere.

