CVE-2024-6576Improper Authentication in Moveit Transfer

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.3
EPSS
2.2%
top 15.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Progress Moveit Transfer
Timeline
PublishedJul 29

Description

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5progress/moveit_transfer2023.0.02023.0.12+2
NVDprogress/moveit_transfer2023.0.02023.0.12+2

🔴Vulnerability Details

2
GHSA
GHSA-w2qq-x44h-xp8c: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation2024-07-29
CVEList
MOVEit Transfer Privilege Escalation Vulnerability2024-07-29
CVE-2024-6576 — Improper Authentication | cvebase