CVE-2019-18465
First published: Thu Oct 31 2019(Updated: )
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch Moveit Transfer | >=11.1<11.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18465?
CVE-2019-18465 is a vulnerability in In Progress MOVEit Transfer 11.1 before 11.1.3 that allows an attacker to sign in without full credentials via the SSH (SFTP) interface.
How severe is CVE-2019-18465?
CVE-2019-18465 has a severity rating of 9.8 (critical).
How does CVE-2019-18465 affect MOVEit Transfer?
CVE-2019-18465 affects MOVEit Transfer 11.1 before 11.1.3 if certain SSH (SFTP) configurations are used and if the MySQL database is being used.
Is there a fix for CVE-2019-18465?
Yes, the fix for CVE-2019-18465 is to update to MOVEit Transfer 11.1.3 or later.
Where can I find more information about CVE-2019-18465?
You can find more information about CVE-2019-18465 in the Ipswitch community article and the MOVEit Transfer release notes.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/ipswitch
- canonical/ipswitch moveit transfer
- version/ipswitch moveit transfer/11.1