An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature.
References
Link | Resource |
---|---|
https://docs.ipswitch.com/WS_FTP_Server2018/ReleaseNotes/index.htm#49242.htm | Release Notes Vendor Advisory |
Configurations
Information
Published : 2019-06-11 14:29
Updated : 2019-06-12 09:28
NVD link : CVE-2019-12144
Mitre link : CVE-2019-12144
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
ipswitch
- ws_ftp_server