Lucene search

[email protected]NVD:CVE-2023-36932

HistoryJul 05, 2023 - 4:15 p.m.

CVE-2023-36932

2023-07-0516:15:09

CWE-89

[email protected]

web.nvd.nist.gov

moveit transfer

sql injection

database unauthorized access

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Affected configurations

NVD

Node

progressmoveit_transferRange<2020.1.11

progressmoveit_transferRange2021.0–2021.0.9

progressmoveit_transferRange2021.1.0–2021.1.7

progressmoveit_transferRange2022.0.0–2022.0.7

progressmoveit_transferRange2022.1.0–2022.1.8

progressmoveit_transferRange2023.0.0–2023.0.4

References

community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023

www.progress.com/moveit

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for NVD:CVE-2023-36932

prion1 cve1 cvelist1 malwarebytes1 nessus1 thn1