- 05 Apr 2024
Pharos software is NOT susceptible to the new WS_FTP Vulnerability - October 2023
- Updated on 05 Apr 2024
Background
Recently, 8 security vulnerabilities were discovered in the WS_FTP tool developed by Progress Software:
| CVE | Description | NVD CVSSv3 Score |
|---|---|---|
| | WS_FTP.NET Deserialization Vulnerability in Ad Hoc Transfer Module | 8.8 |
| | WS_FTP Directory Traversal Vulnerability | 9.6 |
| | WS_FTP Reflected Cross-Site Scripting (XSS) Vulnerability | 6.1 |
| | WS_FTP SQL Injection Vulnerability | 7.2 |
| | WS_FTP Stored XSS Vulnerability | 4.8 |
| | WS_FTP Cross-Site Request Forgery Vulnerability | 6.5 |
| | WS_FTP Reflected XSS Vulnerability | 6.1 |
| | WS_FTP Information Disclosure Vulnerability | 5.3 |
Two of these vulnerabilities are rated as "Critical" due to the relative ease of launching a remote execution attack. Patches are currently available from Progress Software for at least some of these issues.
Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.
Pharos Software and WS_FTP
Pharos has reviewed all of our software, third-party tools and libraries, and internal and cloud infrastructure. Pharos does NOT use the WS_FTP tool anywhere.