cbcvebase.

Progress Moveit Transfer vulnerabilities

26 known vulnerabilities affecting progress/moveit_transfer.

Total CVEs
26
CISA KEV
1
actively exploited
Public exploits
4
Exploited in wild
5
Severity breakdown
CRITICAL8HIGH13MEDIUM5

Vulnerabilities

Page 2 of 2
CVE-2024-0396P3HIGHCVSS 7.1fixed in 2022.0.10≥ 2022.1.0, < 2022.1.11+2 more2024-01-17
CVE-2024-0396 [HIGH] CWE-20 CVE-2024-0396: In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023 In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in
nvd
CVE-2025-13147P4MEDIUMCVSS 5.3fixed in 2024.1.8≥ 2025.0.0, < 2025.0.42025-11-19
CVE-2025-13147 [MEDIUM] CWE-918 CVE-2025-13147: Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVE Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.
nvd
CVE-2023-6217P4MEDIUMCVSS 6.1≤ 2021.1.0≥ 2022.0.0, < 2022.0.9+3 more2023-11-29
CVE-2023-6217 [MEDIUM] CWE-79 CVE-2023-6217: In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0 In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MO
nvd
CVE-2020-28647P4MEDIUMCVSS 5.4fixed in 2020.12020-11-17
CVE-2020-28647 [MEDIUM] CWE-79 CVE-2020-28647: In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within t In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
nvd
CVE-2023-42656P4MEDIUMCVSS 6.1fixed in 2021.1.8≥ 2022.0.0, < 2022.0.8+2 more2023-09-20
CVE-2023-42656 [MEDIUM] CWE-79 CVE-2023-42656: In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedur
nvd
CVE-2024-2291P4MEDIUMCVSS 4.3fixed in 2022.0.11≥ 2022.1.0, < 2022.1.12+2 more2024-03-20
CVE-2024-2291 [MEDIUM] CWE-778 CVE-2024-2291: In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023 In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
nvd
Progress Moveit Transfer vulnerabilities | cvebase