Lucene search
K
ProgressMoveit Transfer

33 matches found

CVE
CVE
added 2023/06/02 12:0 a.m.1549 views

CVE-2023-34362

MOVEit Transfer CVE-2023-34362 is a SQL injection vulnerability in the MOVEit Transfer web app that allows an unauthenticated attacker to access MOVEit databases. Affected versions include 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), with all ...

9.8CVSS9.7AI score0.99934EPSS
In wildWeb
CVE
CVE
added 2023/06/12 12:0 a.m.182 views

CVE-2023-35036

MOVEit Transfer is affected by a SQL injection vulnerability in its web application. Connected sources confirm an unauthenticated attacker could modify and disclose MOVEit’s database content due to how SQL queries are constructed. Affected versions include pre-2021.0.7 (13.0.7), 2021.1.5 (13.1.5)...

9.1CVSS10AI score0.12808EPSS
In wild
CVE
CVE
added 2024/06/25 3:4 p.m.145 views

CVE-2024-5806

CVE-2024-5806 affects the MOVEit Transfer SFTP module. The issue is an Improper Authentication vulnerability that can lead to an Authentication Bypass . Affected versions include MOVEit Transfer 2023.0.x prior to 2023.0.11, 2023.1.x prior to 2023.1.6, and 2024.0.x prior to 2024.0.2. Root cause is...

9.8CVSS9.2AI score0.75812EPSS
In wildWeb
CVE
CVE
added 2023/06/16 12:0 a.m.136 views

CVE-2023-35708

MOVEit Transfer is affected by a SQL injection in the web application that can allow an unauthenticated attacker to modify and disclose MOVEit’s database content. Affected versions include 2020.1.10 (12.1.10) and 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023...

9.8CVSS9.6AI score0.96682EPSS
CVE
CVE
added 2020/02/14 6:2 p.m.124 views

CVE-2020-8612

CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...

9CVSS9.1AI score0.01674EPSS
CVE
CVE
added 2020/02/14 5:59 p.m.121 views

CVE-2020-8611

CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...

8.8CVSS9.1AI score0.01233EPSS
CVE
CVE
added 2023/07/05 12:0 a.m.94 views

CVE-2023-36934

MOVEit Transfer web application (versions 12.1.11, 13.0.9, 13.1.7, 14.0.7, 14.1.8, 15.0.4 and earlier) is affected by a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit database by sending a crafted payload to an application endpoi...

9.1CVSS9.3AI score0.95EPSS
In wild
CVE
CVE
added 2021/08/07 4:5 p.m.79 views

CVE-2021-38159

CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...

9.8CVSS9.8AI score0.01891EPSS
CVE
CVE
added 2023/09/20 4:6 p.m.75 views

CVE-2023-40043

CVE-2023-40043 affects Progress MOVEit Transfer: a SQL injection in the web interface could let a MOVEit system administrator submit a crafted payload to modify and disclose database content. Affected are MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14....

7.2CVSS7.5AI score0.00561EPSS
CVE
CVE
added 2024/07/29 1:46 p.m.75 views

CVE-2024-6576

CVE-2024-6576 - Progress MOVEit Transfer (SFTP module) : Affected MOVEit Transfer versions include 2023.0.0–2023.0.11, 2023.1.0–2023.1.6, and 2024.0.0–2024.0.2, with a root cause described as an improper authentication vulnerability that can lead to privilege escalation. Remediation per sources: ...

9.8CVSS7.2AI score0.00618EPSS
CVE
CVE
added 2023/07/05 12:0 a.m.71 views

CVE-2023-36932

MOVEit Transfer contains CVE-2023-36932, a SQL injection vulnerability in the web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database by submitting crafted payloads to an application endpoint. Affected versions include pre-2020.1.11 (...

8.1CVSS9.2AI score0.81092EPSS
CVE
CVE
added 2023/09/20 4:4 p.m.69 views

CVE-2023-42660

CVE-2023-42660 affects Progress MOVEit Transfer: a SQL injection in the MOVEit Transfer machine interface (web/machine interface) in versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6) could let an authenticated attacker gain unauthorized access to ...

8.8CVSS8.8AI score0.00577EPSS
CVE
CVE
added 2025/03/19 3:23 p.m.67 views

CVE-2025-2324

The CVE-2025-2324 entry concerns an Improper Privilege Management issue in MOVEit Transfer (SFTP module) where users configured as Shared Accounts can gain elevated permissions. Affected versions are MOVEit Transfer: 2023.1.0–2023.1.11, 2024.0.0–2024.0.7, and 2024.1.0–2024.1.1. Remediations are t...

8.8CVSS5.8AI score0.00229EPSS
CVE
CVE
added 2024/03/20 2:46 p.m.66 views

CVE-2024-2291

CVE-2024-2291 (MOVEit Transfer) is a logging bypass vulnerability affecting MOVEit Transfer versions prior to 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), and 2023.1.4 (15.1.4). An authenticated user can manipulate a request to bypass the web application’s logging mechanism, causi...

4.3CVSS4.5AI score0.00385EPSS
CVE
CVE
added 2023/07/05 12:0 a.m.64 views

CVE-2023-36933

CVE-2023-36933 affects Progress MOVEit Transfer: an attacker could invoke a method that triggers an unhandled exception, causing the MOVEit Transfer application to terminate. Affected versions include pre-2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15...

7.5CVSS8.3AI score0.72242EPSS
CVE
CVE
added 2023/11/29 4:14 p.m.64 views

CVE-2023-6218

MOVEit Transfer CVE-2023-6218 describes an elevation-of-privilege vulnerability where a group administrator can upgrade a group member to organization administrator. Affected products/versions are MOVEit Transfer prior to 2022.0.9 (14.0.9), prior to 2022.1.10 (14.1.10), and prior to 2023.0.7 (15....

7.2CVSS7.2AI score0.00696EPSS
CVE
CVE
added 2024/01/17 3:56 p.m.64 views

CVE-2024-0396

CVE-2024-0396 affects Progress MOVEit Transfer. An authenticated user can manipulate a parameter in an HTTPS transaction, causing computational errors and potentially a denial of service. Affected versions include before 2022.0.10 (14.0.10), before 2022.1.11 (14.1.11), before 2023.0.8 (15.0.8), a...

7.1CVSS6.7AI score0.00539EPSS
CVE
CVE
added 2021/06/09 6:30 p.m.59 views

CVE-2021-33894

MOVEit Transfer contains a SQL injection vulnerability in SILUtility.vb within MOVEit.DMZ.WebApp affecting multiple release lines (2019.x, 2020.x, 2021.x up to 2021.0.1). An authenticated attacker could access the database, and depending on the engine (MySQL, Microsoft SQL Server, or Azure SQL) p...

8.8CVSS8.7AI score0.01095EPSS
CVE
CVE
added 2021/05/18 10:25 a.m.53 views

CVE-2021-31827

CVE-2021-31827 affects MOVEit Transfer (DMZ) up to version 2020.1 (12.1.1.116). The vulnerability is a SQL Injection in MOVEit.DMZ.WebApp’s SILHuman.vb (FolderApplySettingsRecurs path) that requires authentication and can allow an attacker to access the MOVEit Transfer database, infer schema/cont...

8.8CVSS8.7AI score0.01213EPSS
Web
CVE
CVE
added 2021/08/05 7:33 p.m.45 views

CVE-2021-37614

In Progress MOVEit Transfer, a SQL injection vulnerability exists in the MOVEit Transfer web application for certain versions prior to 2021.0.3 (13.0.3). An authenticated remote attacker could potentially access the backend database, with the impact depending on the database engine (MySQL, Micros...

8.8CVSS8.8AI score0.01496EPSS
CVE
CVE
added 2020/11/17 1:8 p.m.44 views

CVE-2020-28647

MOVEit Transfer (pre-2020.1) is affected by a stored XSS vulnerability: a malicious payload crafted by an attacker can be stored in the app and, when a user interacts with it, execute arbitrary code in the victim’s browser. Public advisories and a GitHub exploit example describe the existence of ...

5.4CVSS5.9AI score0.01408EPSS
CVE
CVE
added 2023/11/29 4:14 p.m.40 views

CVE-2023-6217

CVE-2023-6217 describes a reflected Cross-Site Scripting (XSS) vulnerability in MOVEit Transfer when used with MOVEit Gateway. Affected: MOVEit Transfer versions before 2022.0.9 (14.0.9), before 2022.1.10 (14.1.10), and before 2023.0.7 (15.0.7). Root cause: XSS in a combined MOVEit Gateway/Transf...

7.1CVSS6AI score0.00511EPSS
CVE
CVE
added 2023/09/20 4:6 p.m.38 views

CVE-2023-42656

CVE-2023-42656 affects MOVEit Transfer prior to 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), and 2023.0.6 (15.0.6). The issue is a reflected cross-site scripting (XSS) vulnerability in MOVEit Transfer’s web interface. An attacker could craft a malicious payload during the package comp...

6.1CVSS6.5AI score0.00481EPSS
CVE
CVE
added 2026/01/06 10:16 p.m.28 views

CVE-2025-11235

Progress MOVEit Transfer on Windows REST API modules is affected by an unverified password change vulnerability. Affected versions include MOVEit Transfer 2022.0.0–2022.0.10, 2022.1.0–2022.1.11, 2023.0.0–2023.0.8, and 2023.1.0–2023.1.3. The issue is documented across multiple sources (including R...

7.5CVSS6.6AI score0.00178EPSS
CVE
CVE
added 2025/11/19 8:45 p.m.28 views

CVE-2025-13147

CVE-2025-13147 concerns Progress MOVEit Transfer. A(Server-Side) SSRF vulnerability exists in MOVEit Transfer core handling, affecting versions before 2024.1.8 and 2025.0.0 up to before 2025.0.4. The issue allows an attacker to cause the server to make unauthorized requests, potentially accessing...

5.3CVSS6.6AI score0.00238EPSS
CVE
CVE
added 6 days ago21 views

CVE-2026-11903

CVE-2026-11903 is a stored XSS in the Progress MOVEit Transfer (Ad Hoc module). The issue arises from improper neutralization of input during web page generation. Affects MOVEit Transfer versions: 2026.0.0 before 2026.0.1; 2025.1.0 before 2025.1.4; 2025.0.0 before 2025.0.8. CVSS v3.1 base score 8...

8CVSS5.9AI score0.00232EPSS
CVE
CVE
added 6 days ago20 views

CVE-2026-10699

CVE-2026-10699 affects Progress MOVEit Transfer (Custom Reports modules) with a memory leak caused by missing release of memory after its effective lifetime. Affects MOVEit Transfer versions: 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1. The issue can lead to d...

7.5CVSS5.9AI score0.00283EPSS
CVE
CVE
added 6 days ago14 views

CVE-2026-8800

CVE-2026-8800 concerns an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected software is MOVEit Transfer; impact involves unauthorized access across confidentiality, integrity, and availability (CVSS v3.1 base score 8.8, HIGH). Affected versions are MO...

8.8CVSS5.9AI score0.00196EPSS
CVE
CVE
added 6 days ago12 views

CVE-2026-8801

Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.

9.8CVSS5.9AI score0.00311EPSS
CVE
CVE
added 6 days ago11 views

CVE-2026-8649

Summary of CVE-2026-8649 : An instance of Improper Neutralization of Special Elements in Data Query Logic affects MOVEit Transfer (Custom Reports modules). The issue impacts MOVEit Transfer versions prior to 2025.0.7 and from 2025.1.0 up to before 2025.1.3. The CVSS vectors indicate a high-severi...

9.8CVSS5.9AI score0.00234EPSS
CVE
CVE
added 6 days ago11 views

CVE-2026-8650

Vulnerability: Relative path traversal in Progress MOVEit Transfer (Admin Settings module). Affected versions: MOVEit Transfer before 2025.0.7, and from 2025.1.0 before 2025.1.3. Impact (as described): Authenticated path traversal that can allow viewing arbitrary system files. Notes: The provided...

7.5CVSS5.9AI score0.00365EPSS
CVE
CVE
added 6 days ago9 views

CVE-2026-8651

MOVEit Transfer (HTTPS module) is affected by a limited authentication bypass via spoofing. Affected versions are MOVEit Transfer before 2025.0.7 and 2025.1.0 before 2025.1.3. The provided documents do not specify the root cause details beyond spoofing, nor explicit remediation steps or exploit s...

7.5CVSS5.9AI score0.00215EPSS
CVE
CVE
added 6 days ago7 views

CVE-2026-10698

CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS