CVE-2023-40049 MEDIUM

CVE-2023-40049: WS_FTP Server Information Disclosure via Directory Listing

Vendor Progress Software Corporation
Product WS_FTP Server
Weakness CWE-200 · Info exposure
Published September 27, 2023
Last update September 24, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.

Key dates

02Disclosure timeline

September 27, 2023 CVE published
September 24, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-40002 WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure CVE-2023-45131 Unauthenticated access to new private chat messages in Discourse CVE-2022-42883 WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins CVE-2021-1562 Cisco BroadWorks Application Server Information Disclosure Vulnerability