
Progress Software Corporation MOVEit Transfer vulnerabilities

6 known vulnerabilities affecting progress_software_corporation/moveit_transfer.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2023-42660 | P3 | HIGH | CVSS 8.8 | 2023-09-20
Affected: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-89. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a craf
Source: NVD

CVE-2023-40043 | P3 | HIGH | CVSS 7.2 | 2023-09-20
Affected: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-89. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system adminis
Source: NVD

CVE-2023-6218 | P3 | HIGH | CVSS 7.2 | 2023-11-29
Affected: ≥ 2023.0.0 (15.0.0), < 2023.0.7 (15.0.7); ≥ 2022.1.0 (14.1.0), < 2022.1.10 (14.1.10); +1 more
CWE-269. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an organization administrator.
Source: NVD

CVE-2024-0396 | P3 | HIGH | CVSS 7.1 | 2024-01-17
Affected: ≥ 2022.0.0 (14.0.0), < 2022.0.10 (14.0.10); ≥ 2022.1.0 (14.1.0), < 2022.1.11 (14.1.11); +2 more
CWE-20. In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in
Source: NVD

CVE-2023-6217 | P4 | MEDIUM | CVSS 6.1 | 2023-11-29
Affected: ≥ 2023.0.0 (15.0.0), < 2023.0.7 (15.0.7); ≥ 2022.1.0 (14.1.0), < 2022.1.10 (14.1.10); +1 more
CWE-79. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MO
Source: NVD

CVE-2023-42656 | P4 | MEDIUM | CVSS 6.1 | 2023-09-20
Affected: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-79. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedur
Source: NVD