CVE-2024-2291 — Insufficient Logging in Software Moveit Transfer

CWE-778 — Insufficient Logging CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 74.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Progress Software Moveit Transfer Progress Moveit Transfer

Timeline

PublishedMar 20

Latest updateJan 11

Description

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDprogress/moveit_transfer2022.1.0 — 2022.1.12+3

▶CVEListV5progress_software/moveit_transfer2022.0.0 (14.0.0) — 2022.0.11 (14.0.11)+3

🔴Vulnerability Details

GHSA

GHSA-2ccx-3vjx-pj7f: In Progress MOVEit Transfer versions released before 2022↗2024-03-20

▶

CVEList

MOVEit Transfer Logging Bypass Vulnerability↗2024-03-20

▶

📋Vendor Advisories

Red Hat

kernel: ring-buffer: Fix overflow in __rb_map_vma↗2025-01-11

▶