CVE-2019-12146: Path Traversal
First published: Tue Jun 11 2019(Updated: )
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch Ws Ftp Server | <8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-12146?
CVE-2019-12146 is a Directory Traversal issue discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1.
What is the severity of CVE-2019-12146?
The severity of CVE-2019-12146 is critical with a CVSS score of 9.1.
How does CVE-2019-12146 affect Ipswitch WS FTP Server?
CVE-2019-12146 affects Ipswitch WS FTP Server 2018 before version 8.6.1.
How can attackers exploit CVE-2019-12146?
Attackers can abuse the SCP listener by crafting strings with specific patterns to write files and create directories outside of their authorized directory.
Is there a fix available for CVE-2019-12146?
Yes, a fix is available for CVE-2019-12146. Users should update their Ipswitch WS FTP Server to version 8.6.1 or later.
- collector/nvd-index
- vendor/ipswitch
- canonical/ipswitch ws ftp server