Skip to main content

I'd like to know if ASM SaaS is vulnerable to the following critical vulnerabilities(specifically, if ASM utilizes WS_FTP or Confluence Data Center or Servers)?

On September 14, 2023, Progress Software released a security advisory for a remote code execution (RCE) vulnerability in the WinSock File Transfer Protocol (WS_FTP) Server, which Mandiant Intelligence rates as High-risk. The vulnerability tracked as CVE-2023-40044 caused by a flaw in how the WS_FTP Server handles ad-hoc commands, which an attacker can exploit by sending a specially crafted request to the server to execute arbitrary code on the system. (CVSSv3.1 Base 9.8)

On October 4, 2023, Atlassian published a security advisory on a critical vulnerability (CVE-2023-22515) in publicly accessible Confluence Data Center and Server instances where an attacker could create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites not affected by this vulnerability. (CVSSv3.0 Base: 10)

Any guidance is appreciated

ASM does not use either of these technologies.

@secops123 To add to Scott's comment, those technologies are not used in the ASM platform and on top of it the platform sits behind fully protected CDN and any attempts on such vulnerabilities are blocked.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.