535 matches found

Vulnrichment
added 2024/01/17 3:56 p.m. · 18 views

CVE-2024-0396 Missing Server-Side Input Validation in HTTP Parameter

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational...

7.1 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 2
CVE
added 2024/01/17 3:56 p.m. · 57 views

CVE-2024-0396

CVE-2024-0396 affects Progress MOVEit Transfer. An authenticated user can manipulate a parameter in an HTTPS transaction, causing computational errors and potentially a denial of service. Affected versions include before 2022.0.10 (14.0.10), before 2022.1.11 (14.1.11), before 2023.0.8 (15.0.8), a...

7.1 CVSS · 6.7 AI score · 0.00539 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/01/17 3:56 p.m. · 32 views

CVE-2024-0396 Missing Server-Side Input Validation in HTTP Parameter

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational...

7.1 CVSS · 6.9 AI score · 0.00539 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/01/17 12:00 a.m. · 3 views

Progress MOVEit Transfer Input Validation Error Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. An input validation error vulnerability exists in Progress MOVEit Transfer, which stems from the presence of an input validation issue that allows an authenticated user to manipulate parameters in an HTTPS...

7.1 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/01/17 12:00 a.m. · 4 views

PT-2024-1119 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2022.0.10 (14.0.10); MOVEit Transfer versions prior to 2022.1.11 (14.1.11); MOVEit Transfer versions prior to 2023.0.8 (15.0.8); MOVEit Transfer versions prior to 2023.1.3 (15.1.3). Description: An input validation issue...

7.5 CVSS · 6.6 AI score · 0.00539 EPSS
Exploits: 0 · References: 10
HackRead
added 2023/12/15 6:35 p.m. · 14 views

Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack

By Waqas. Since its emergence in May 2023, the MOVEit vulnerability has been exploited by the Russian-linked Cl0p ransomware gang,… This is a post from HackRead.com. Read the original post: Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack...

7.3 AI score
Exploits: 0
VulnCheck KEV
added 2023/12/04 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2023-36934

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to...

9.1 CVSS · 7.4 AI score · 0.94836 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2023/12/01 12:00 a.m. · 1 view

A vulnerability in Progress MOVEit Transfer, software for processing and transmitting confidential data, related to deficiencies in access control, allows attackers to escalate their privileges.

The vulnerability in Progress MOVEit Transfer, software for processing and transmitting confidential data, is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...

8.3 CVSS · 7 AI score · 0.00696 EPSS
Exploits: 0 · References: 4
BDU FSTEC
added 2023/12/01 12:00 a.m. · 4 views

A vulnerability in the MOVEit Gateway proxy server software, which is used for processing and transmitting confidential data in the Progress MOVEit Transfer system, allows an attacker to carry out cross-site scripting attacks.

The vulnerability in the MOVEit Gateway proxy server software for processing and transmitting confidential data within the Progress MOVEit Transfer system is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform...

8.5 CVSS · 6 AI score · 0.00511 EPSS
Exploits: 0 · References: 5
NCSC
added 2023/11/30 12:00 a.m. · 29 views

Vulnerabilities fixed in MOVEit Transfer

Progress has fixed vulnerabilities in MOVEit Transfer. A malicious party could exploit the vulnerability identified as CVE-2023-6217 for a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or potentially access sensitive...

7.2 CVSS · 6.7 AI score · 0.00696 EPSS
Exploits: 0
Tenable Nessus
added 2023/11/30 12:00 a.m. · 22 views

Progress MOVEit Transfer < 2022.0.9 / 2022.1 < 2022.1.10 / 2023.0 < 2023.0.7 / 2023.1.1 Multiple Vulnerabilities (November 2023)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2022.0.9, 2022.1 prior to 2022.1.10, 2023.0 prior to 2023.0.7 or 2023.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in Progress Community article 000246898. ...

7.2 CVSS · 6.2 AI score · 0.00696 EPSS
Exploits: 0 · References: 3
OSV
added 2023/11/29 5:15 p.m. · 3 views

CVE-2023-6218

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an...

7.2 CVSS · 5.7 AI score · 0.00696 EPSS
Exploits: 0 · References: 2
NVD
added 2023/11/29 5:15 p.m. · 30 views

CVE-2023-6217

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...

7.1 CVSS · 0.00511 EPSS
Exploits: 0 · References: 2
NVD
added 2023/11/29 5:15 p.m. · 31 views

CVE-2023-6218

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an...

7.2 CVSS · 0.00696 EPSS
Exploits: 0 · References: 2
OSV
added 2023/11/29 5:15 p.m. · 4 views

CVE-2023-6217

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...

6.1 CVSS · 5.6 AI score
Exploits: 0 · References: 2
Prion
added 2023/11/29 5:15 p.m. · 16 views

Privilege escalation

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an...

5.8 CVSS · 7.4 AI score · 0.00696 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2023/11/29 5:15 p.m. · 19 views

Cross site scripting

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...

5.8 CVSS · 5.8 AI score · 0.00511 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/11/29 4:14 p.m. · 36 views

CVE-2023-6218 MOVEit Transfer Group Admin Privilege Escalation

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an...

7.2 CVSS · 7.4 AI score · 0.00696 EPSS
Exploits: 0 · References: 2
CVE
added 2023/11/29 4:14 p.m. · 57 views

CVE-2023-6218

MOVEit Transfer CVE-2023-6218 describes an elevation-of-privilege vulnerability where a group administrator can upgrade a group member to organization administrator. Affected products/versions are MOVEit Transfer prior to 2022.0.9 (14.0.9), prior to 2022.1.10 (14.1.10), and prior to 2023.0.7 (15....

7.2 CVSS · 7.2 AI score · 0.00696 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/11/29 4:14 p.m. · 45 views

CVE-2023-6217 MOVEit Transfer XSS via MOVEit Gateway

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting...

7.1 CVSS · 6.5 AI score · 0.00511 EPSS
Exploits: 0 · References: 2