Date | Breach Details | Hosted~FTP~ Response |
2023-01-19 | Exploitation of Control Web Panel CVE-2022-44877
“The vulnerability arises from a condition that allows attackers to run bash commands when double quotes are used to log incorrect entries to the system. Successful exploitation allows remote attackers to execute arbitrary operating system commands via shell metacharacters in the login parameter” |
Hosted~FTP~ does not use Control Web Panel in our entire infrastructure and is not effected by the exploit. |
2023-01-19 | CVE-2022-47966: Observed Exploitation of Critical ManageEngine Vulnerability
“A pre-authentication remote code execution (RCE) vulnerability impacting at least 24 on-premise ManageEngine products. CVE-2022-47966 stems from a vulnerable third-party dependency on Apache Santuario. |
Hosted~FTP~ does not use ManageEngine’s products in any of our infrastructure and is not impacted by this vulnerability. |
2021-12-09 | CVE-2021-44228: Apache Log4J Vulnerability
“Log4Shell is a Java Naming and Directory Interface™ (JNDI) injection vulnerability which can allow remote code execution (RCE). By including untrusted data (such as malicious payloads) in the logged message in an affected Apache Log4j version, an attacker can establish a connection to a malicious server via JNDI lookup. The result: full access to your system from anywhere in the world.” |
Hosted~FTP~ does not have Log4J2 in any of our Java applications and are not exposed in any way to this type of vulnerability. |