CVE-2024-5806 MOVEit Transfer Authentication Bypass Vulnerability

2024-06-2515:04:37

CWE-287

ProgressSoftware

github.com

cve-2024-5806

moveit transfer

authentication bypass

progress

sftp module

vulnerability

improper authentication

2023.0.0

2023.0.11

2023.1.0

2023.1.6

2024.0.0

2024.0.2

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "SFTP"
    ],
    "product": "MOVEit Transfer",
    "vendor": "Progress",
    "versions": [
      {
        "lessThan": "2023.0.11",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2023.1.6",
        "status": "affected",
        "version": "2023.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2024.0.2",
        "status": "affected",
        "version": "2024.0.0",
        "versionType": "semver"
      }
    ]
  }
]