Statement on CVE 2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability

November 28, 2023

Information

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

Risk

Low

Response

Melissa Data Corporation (“Melissa”) was not impacted by this WS_FTP Server Vulnerability as we do not utilize the affected version for any Melissa commercial web services or products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.