CVE-2023-6218Improper Privilege Management in Software Corporation Moveit Transfer

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 79.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Progress Software Corporation Moveit TransferProgress Moveit Transfer
Timeline
PublishedNov 29

Description

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDprogress/moveit_transfer2022.0.02022.0.9+4
CVEListV5progress_software_corporation/moveit_transfer2023.0.0 (15.0.0)2023.0.7 (15.0.7)+2

🔴Vulnerability Details

2
CVEList
MOVEit Transfer Group Admin Privilege Escalation2023-11-29
GHSA
GHSA-5743-p3xc-xmhv: In Progress MOVEit Transfer versions released before 20222023-11-29
CVE-2023-6218 — Improper Privilege Management | cvebase