This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Is ASM SaaS vulnerable to critical vulnerabilities?

Posted on 12-13-2023 04:31 PM
secops123
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'd like to know if ASM SaaS is vulnerable to the following critical vulnerabilities(specifically, if ASM utilizes WS_FTP or Confluence Data Center or Servers)?

On September 14, 2023, Progress Software released a security advisory for a remote code execution (RCE) vulnerability in the WinSock File Transfer Protocol (WS_FTP) Server, which Mandiant Intelligence rates as High-risk. The vulnerability tracked as CVE-2023-40044 caused by a flaw in how the WS_FTP Server handles ad-hoc commands, which an attacker can exploit by sending a specially crafted request to the server to execute arbitrary code on the system. (CVSSv3.1 Base 9.8)

On October 4, 2023, Atlassian published a security advisory on a critical vulnerability (CVE-2023-22515) in publicly accessible Confluence Data Center and Server instances where an attacker could create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites not affected by this vulnerability. (CVSSv3.0 Base: 10)

Any guidance is appreciated

1 2 175
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
scottennis
Staff
Reply posted on --/--/---- --:-- AM

ASM does not use either of these technologies.

Posted on --/--/---- --:-- AM
ionutm
Staff
Reply posted on --/--/---- --:-- AM

@secops123 To add to Scott's comment, those technologies are not used in the ASM platform and on top of it the platform sits behind fully protected CDN and any attempts on such vulnerabilities are blocked.