Progress Software Corporation MOVEit Transfer vulnerabilities

6 known vulnerabilities affecting progress_software_corporation/moveit_transfer.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2024-0396 | HIGH | CVSS 7.1 | 2024-01-17
Affected versions: ≥ 2022.0.0 (14.0.0), < 2022.0.10 (14.0.10); ≥ 2022.1.0 (14.1.0), < 2022.1.11 (14.1.11); +2 more
CWE-20. In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result i
Sources: cvelistv5, nvd

CVE-2023-6218 | HIGH | CVSS 7.2 | 2023-11-29
Affected versions: ≥ 2023.0.0 (15.0.0), < 2023.0.7 (15.0.7); ≥ 2022.1.0 (14.1.0), < 2022.1.10 (14.1.10); +1 more
CWE-269. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an organization administrator.
Sources: cvelistv5, nvd

CVE-2023-6217 | MEDIUM | CVSS 6.1 | 2023-11-29
Affected versions: ≥ 2023.0.0 (15.0.0), < 2023.0.7 (15.0.7); ≥ 2022.1.0 (14.1.0), < 2022.1.10 (14.1.10); +1 more
CWE-79. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and M
Sources: cvelistv5, nvd

CVE-2023-40043 | HIGH | CVSS 7.2 | 2023-09-20
Affected versions: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-89. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system admini
Sources: cvelistv5, nvd

CVE-2023-42660 | HIGH | CVSS 8.8 | 2023-09-20
Affected versions: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-89. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a cra
Sources: cvelistv5, nvd

CVE-2023-42656 | MEDIUM | CVSS 6.1 | 2023-09-20
Affected versions: ≥ 2023.0.0 (15.0.0), < 2023.0.6 (15.0.6); ≥ 2022.1.0 (14.1.0), < 2022.1.9 (14.1.9); +2 more
CWE-79. In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedu
Sources: cvelistv5, nvd