Sql injection

2023-06-1203:15:00

PRIOn knowledge base

www.prio-n.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

39.9%

JSON

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

CPENameOperatorVersion
moveit_transferge2023.0.0
moveit_transferlt2023.0.2
moveit_transferge2022.1.0
moveit_transferlt2022.1.6
moveit_transferge2022.0.0
moveit_transferlt2022.0.5
moveit_transferge2021.1.0
moveit_transferlt2021.1.5
moveit_transferlt2021.0.7

Name	Operator	Version
moveit_transfer	ge	2023.0.0
moveit_transfer	lt	2023.0.2
moveit_transfer	ge	2022.1.0
moveit_transfer	lt	2022.1.6
moveit_transfer	ge	2022.0.0
moveit_transfer	lt	2022.0.5
moveit_transfer	ge	2021.1.0
moveit_transfer	lt	2021.1.5
moveit_transfer	lt	2021.0.7