ProgressSoftwareCVELIST:CVE-2023-42660CVE-2023-42660 MOVEit Transfer Machine Interface SQL Injection
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interfaceΒ that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"MOVEit Transfer Machine Interface"
],
"product": "MOVEit Transfer",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.0.6 (15.0.6)",
"status": "affected",
"version": "2023.0.0 (15.0.0)",
"versionType": "semver"
},
{
"lessThan": "2022.1.9 (14.1.9)",
"status": "affected",
"version": "2022.1.0 (14.1.0)",
"versionType": "semver"
},
{
"lessThan": "2022.0.8 (14.0.8)",
"status": "affected",
"version": "2022.0.0 (14.0.0)",
"versionType": "semver"
},
{
"lessThan": "2021.1.8 (13.1.8)",
"status": "affected",
"version": "2021.1.0 (13.1.0)",
"versionType": "semver"
}
]
}
]Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%