Lucene search

[email protected]NVD:CVE-2023-6218

HistoryNov 29, 2023 - 5:15 p.m.

CVE-2023-6218

2023-11-2917:15:07

CWE-269

[email protected]

web.nvd.nist.gov

moveit transfer

privilege escalation

group administrators

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

Affected configurations

Nvd

Node

progressmoveit_transferRange≤2021.1.0

progressmoveit_transferRange2022.0.0–2022.0.9

progressmoveit_transferRange2022.1.0–2022.1.10

progressmoveit_transferRange2023.0.0–2023.0.7

progressmoveit_transferRange2023.1.0–2023.1.2

VendorProductVersionCPE
progressmoveit_transfer*cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	moveit_transfer	*	cpe:2.3:a:progress:moveit_transfer::::::::

References

community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023

www.progress.com/moveit

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

Related for NVD:CVE-2023-6218

cvelist1 cve1 prion1 nessus1