CVE-2023-42660 MOVEit Transfer Machine Interface SQL Injection

🗓️ 20 Sep 2023 16:04:54Reported by ProgressSoftwareType

CVE-2023-42660 SQL Injection in MOVEit Transfe

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-42660	20 Sep 202320:30	–	circl
CNNVD	Progress MOVEit Transfer SQL Injection Vulnerability	20 Sep 202300:00	–	cnnvd
CVE	CVE-2023-42660	20 Sep 202316:04	–	cve
EUVD	EUVD-2023-47093	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Progress MOVEit Transfer	21 Sep 202300:00	–	ncsc
NVD	CVE-2023-42660	20 Sep 202317:15	–	nvd
OSV	CVE-2023-42660	20 Sep 202317:15	–	osv
Prion	Sql injection	20 Sep 202317:15	–	prion
Tenable Nessus	Progress MOVEit Transfer < 2021.1.8 / 2022.0 < 2022.0.8, 2022.1 < 2022.1.9 / 2023.0 < 2023.0.6 Multiple Vulnerabilities (September 2023)	26 Sep 202300:00	–	nessus
Vulnrichment	CVE-2023-42660 MOVEit Transfer Machine Interface SQL Injection	20 Sep 202316:04	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "modules": [
      "MOVEit Transfer Machine Interface"
    ],
    "product": "MOVEit Transfer",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "2023.0.6 (15.0.6)",
        "status": "affected",
        "version": "2023.0.0 (15.0.0)",
        "versionType": "semver"
      },
      {
        "lessThan": "2022.1.9 (14.1.9)",
        "status": "affected",
        "version": "2022.1.0 (14.1.0)",
        "versionType": "semver"
      },
      {
        "lessThan": "2022.0.8 (14.0.8)",
        "status": "affected",
        "version": "2022.0.0 (14.0.0)",
        "versionType": "semver"
      },
      {
        "lessThan": "2021.1.8 (13.1.8)",
        "status": "affected",
        "version": "2021.1.0 (13.1.0)",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
community	www.community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
progress	www.progress.com/moveit

20 Sep 2023 16:15Current

9High risk

Vulners AI Score9

CVSS 3.18.8

EPSS0.00577

CWE-89