CVE-2024-0396Improper Input Validation in Software Corporation Moveit Transfer

CWE-20Improper Input Validation3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 63.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Progress Software Corporation Moveit TransferProgress Moveit Transfer
Timeline
PublishedJan 17

Description

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDprogress/moveit_transfer2022.1.02022.1.11+3
CVEListV5progress_software_corporation/moveit_transfer2022.0.0 (14.0.0)2022.0.10 (14.0.10)+3

🔴Vulnerability Details

2
GHSA
GHSA-rx22-xr85-fqfw: In Progress MOVEit Transfer versions released before 20222024-01-17
CVEList
Missing Server-Side Input Validation in HTTP Parameter2024-01-17
CVE-2024-0396 — Improper Input Validation | cvebase