First published: Fri Feb 14 2020(Updated: )
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progess Moveit Transfer | >=2019.1<2019.1.4 | |
Progress MOVEit Transfer | >=2019.2<2019.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8612 is a vulnerability in MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 that allows an authenticated attacker to execute arbitrary code in a victim's browser through a REST API endpoint.
CVE-2020-8612 has a severity rating of critical with a value of 9.
MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 are affected by CVE-2020-8612.
An attacker can exploit CVE-2020-8612 by injecting malicious input through a REST API endpoint and executing arbitrary code in a victim's browser.
Yes, you can find more information about CVE-2020-8612 in the following references: [reference1] [reference2] [reference3].