Lucene search
+L
ProgressMoveit Transfer2019.2

5 matches found

CVE
CVE
added 2020/02/14 6:2 p.m.127 views

CVE-2020-8612

CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...

9CVSS9.1AI score0.01674EPSS
CVE
CVE
added 2020/02/14 5:59 p.m.124 views

CVE-2020-8611

CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...

8.8CVSS9.1AI score0.01233EPSS
CVE
CVE
added 2021/08/07 4:5 p.m.79 views

CVE-2021-38159

CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...

9.8CVSS9.8AI score0.01891EPSS
CVE
CVE
added 2021/06/09 6:30 p.m.59 views

CVE-2021-33894

MOVEit Transfer contains a SQL injection vulnerability in SILUtility.vb within MOVEit.DMZ.WebApp affecting multiple release lines (2019.x, 2020.x, 2021.x up to 2021.0.1). An authenticated attacker could access the database, and depending on the engine (MySQL, Microsoft SQL Server, or Azure SQL) p...

8.8CVSS8.7AI score0.01095EPSS
CVE
CVE
added 2021/08/05 7:33 p.m.46 views

CVE-2021-37614

In Progress MOVEit Transfer, a SQL injection vulnerability exists in the MOVEit Transfer web application for certain versions prior to 2021.0.3 (13.0.3). An authenticated remote attacker could potentially access the backend database, with the impact depending on the database engine (MySQL, Micros...

8.8CVSS8.8AI score0.01496EPSS