Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerabilities Affecting Progress WS_FTP Server software

29 September 2023

Progress has released security updates to address critical vulnerabilities (CVE-2023-40044 and CVE-2023-42657) in their WS_FTP Server software, a secure file transfer software package.

The critical vulnerabilities are:

  • CVE-2023-40044: Successful exploitation of this deserialisation vulnerability could allow unauthenticated attackers to execute remote commands on the underlying WS_FTP Server operating system. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.


  • CVE-2023-42657: Successful exploitation of this directory traversal vulnerability could allow unauthenticated attackers to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.9 out of 10.

Users and administrators of affected product versions are advised to upgrade to the latest product version immediately.

More information is available here:

https://www.bleepingcomputer.com/news/security/progress-warns-of-maximum-severity-ws-ftp-server-vulnerability/

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

Back to top