CVE-2024-2291
published 2024-03-20

Priority: P4 | 21 | medium | 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.39% (30.3th percentile)

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
progress | moveit_transfer | < 2022.0.11 | 2022.0.11
progress | moveit_transfer | >= 2022.1.0 < 2022.1.12 | 2022.1.12
progress | moveit_transfer | >= 2023.0.0 < 2023.0.9 | 2023.0.9
progress | moveit_transfer | >= 2023.1.0 < 2023.1.4 | 2023.1.4
progress_software | moveit_transfer | >= 2022.0.0 (14.0.0) < 2022.0.11 (14.0.11) | 2022.0.11 (14.0.11)
progress_software | moveit_transfer | >= 2022.1.0 (14.1.0) < 2022.1.12 (14.1.12) | 2022.1.12 (14.1.12)
progress_software | moveit_transfer | >= 2023.0.0 (15.0.0) < 2023.0.9 (15.0.9) | 2023.0.9 (15.0.9)
progress_software | moveit_transfer | >= 2023.1.0 (15.1.0) < 2023.1.4 (15.1.4) | 2023.1.4 (15.1.4)

CVSS provenance

nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vendor_redhat | 5.5 | MEDIUM