Latest progress moveit transfer Vulnerabilities

CVE-2024-0396
Missing Server-Side Input Validation in HTTP Parameter
Progress MOVEit Transfer<2022.0.10
Progress MOVEit Transfer>=2022.1.0<2022.1.11
Progress MOVEit Transfer>=2023.0.1<2023.0.8
Progress MOVEit Transfer>=2023.1.0<2023.1.3
CVE-2023-6218
MOVEit Transfer Group Admin Privilege Escalation
Progress MOVEit Transfer<=2021.1.0
Progress MOVEit Transfer>=2022.0.0<2022.0.9
Progress MOVEit Transfer>=2022.1.0<2022.1.10
Progress MOVEit Transfer>=2023.0.0<2023.0.7
Progress MOVEit Transfer>=2023.1.0<2023.1.2
CVE-2023-6217
MOVEit Transfer XSS via MOVEit Gateway
Progress MOVEit Transfer<=2021.1.0
Progress MOVEit Transfer>=2022.0.0<2022.0.9
Progress MOVEit Transfer>=2022.1.0<2022.1.10
Progress MOVEit Transfer>=2023.0.0<2023.0.7
Progress MOVEit Transfer>=2023.1.0<2023.1.2
CVE-2023-42660
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transf...
Progress MOVEit Transfer<2021.1.8
Progress MOVEit Transfer>=2022.0.0<2022.0.8
Progress MOVEit Transfer>=2022.1.0<2022.1.9
Progress MOVEit Transfer>=2023.0.0<2023.0.6
CVE-2023-42656
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identifi...
Progress MOVEit Transfer<2021.1.8
Progress MOVEit Transfer>=2022.0.0<2022.0.8
Progress MOVEit Transfer>=2022.1.0<2022.1.9
Progress MOVEit Transfer>=2023.0.0<2023.0.6
CVE-2023-40043
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transf...
Progress MOVEit Transfer<2021.1.8
Progress MOVEit Transfer>=2022.0.0<2022.0.8
Progress MOVEit Transfer>=2022.1.0<2022.1.9
Progress MOVEit Transfer>=2023.0.0<2023.0.6
CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identi...
Progress MOVEit Transfer<12.1.11
Progress MOVEit Transfer>=13.0.0<13.0.9
Progress MOVEit Transfer>=13.1.0<13.1.7
Progress MOVEit Transfer>=14.0.0<14.0.7
Progress MOVEit Transfer>=14.1.0<14.1.8
Progress MOVEit Transfer>=15.0.0<15.0.4
CVE-2023-36933
In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in ...
Progress MOVEit Transfer<2020.1.11
Progress MOVEit Transfer>=2021.0<2021.0.9
Progress MOVEit Transfer>=2021.1.0<2021.1.7
Progress MOVEit Transfer>=2022.0.0<2022.0.7
Progress MOVEit Transfer>=2022.1.0<2022.1.8
Progress MOVEit Transfer>=2023.0.0<2023.0.4
CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Tr...
Progress MOVEit Transfer<2020.1.10
Progress MOVEit Transfer>=2021.0.6<2021.0.8
Progress MOVEit Transfer>=2021.1.4<2021.1.6
Progress MOVEit Transfer>=2022.0.4<2022.0.6
Progress MOVEit Transfer>=2022.1.5<2022.1.7
Progress MOVEit Transfer>=2023.0.1<2023.0.3
CVE-2023-35036
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transf...
Progress MOVEit Transfer<2021.0.7
Progress MOVEit Transfer>=2021.1.0<2021.1.5
Progress MOVEit Transfer>=2022.0.0<2022.0.5
Progress MOVEit Transfer>=2022.1.0<2022.1.6
Progress MOVEit Transfer>=2023.0.0<2023.0.2
CVE-2023-34362
Progress MOVEit Transfer SQL Injection Vulnerability
Progress Moveit Cloud<14.0.5.45
Progress Moveit Cloud>=14.1.0.0<14.1.6.97
Progress Moveit Cloud>=15.0.0.0<15.0.2.39
Progress MOVEit Transfer<=2020.1.6
Progress MOVEit Transfer>=2021.0<2021.0.7
Progress MOVEit Transfer>=2021.1.0<2021.1.5
and 4 more
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the dat...
Progress MOVEit Transfer<2019.0.8
Progress MOVEit Transfer>=2019.1<2019.1.7
Progress MOVEit Transfer>=2019.2<2019.2.4
Progress MOVEit Transfer>=2020.0<2020.0.7
Progress MOVEit Transfer>=2020.1<2020.1.6
Progress MOVEit Transfer>=2021.0<2021.0.4
CVE-2021-37614
Progress MOVEit Transfer<2019.0.7
Progress MOVEit Transfer>=2019.1<2019.1.6
Progress MOVEit Transfer>=2019.2<2019.2.3
Progress MOVEit Transfer>=2020.0<2020.0.6
Progress MOVEit Transfer>=2020.1<2020.1.5
Progress MOVEit Transfer>=2021.0<2021.0.3
CVE-2021-33894
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021...
Progress MOVEit Transfer<2019.0.6
Progress MOVEit Transfer>=2019.1<2019.1.5
Progress MOVEit Transfer>=2019.2<2019.2.2
Progress MOVEit Transfer>=2020.0<2020.0.5
Progress MOVEit Transfer>=2020.1<2020.1.4
Progress MOVEit Transfer>=2021.0<2021.0.1
CVE-2020-28647
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, i...
Progress MOVEit Transfer<2020.1
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute...
Progess Moveit Transfer>=2019.1<2019.1.4
Progress MOVEit Transfer>=2019.2<2019.2.1
CVE-2020-8611
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain...
Progess Moveit Transfer>=2019.1<2019.1.4
Progress MOVEit Transfer>=2019.2<2019.2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203