← Volver a CVEs
CVE-2023-42660
HIGH8.8
Descripcion
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado9/20/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
progress:moveit_transfer
Debilidades (CWE)
CWE-89CWE-89
Referencias
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023(security@progress.com)
https://www.progress.com/moveit(security@progress.com)
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023(af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/moveit(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.