First published: Tue Jun 11 2019(Updated: )
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Ws Ftp Server | <8.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-12143.
The severity of CVE-2019-12143 is medium with a CVSS score of 5.3.
The affected software is Progress ipswitch WS_FTP Server 2018 before 8.6.1.
The vulnerability is a Directory Traversal issue in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1, allowing an attacker to disclose usernames and filenames.
Yes, a fix is available. Please refer to the vendor's documentation for further information.