CVE-2021-37614: SQL Injection
First published: Thu Aug 05 2021(Updated: )
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress MOVEit Transfer | <2019.0.7 | |
| Progress MOVEit Transfer | >=2019.1<2019.1.6 | |
| Progress MOVEit Transfer | >=2019.2<2019.2.3 | |
| Progress MOVEit Transfer | >=2020.0<2020.0.6 | |
| Progress MOVEit Transfer | >=2020.1<2020.1.5 | |
| Progress MOVEit Transfer | >=2021.0<2021.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021
- https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm
- https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm
- https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-37614.
What is the severity of CVE-2021-37614?
The severity of CVE-2021-37614 is high with a severity value of 8.8.
Which software versions are affected by CVE-2021-37614?
The affected software versions for CVE-2021-37614 are Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3).
How can an attacker exploit CVE-2021-37614?
An authenticated remote attacker can exploit CVE-2021-37614 by performing SQL injection in the MOVEit Transfer web application to gain access to the database.
How can CVE-2021-37614 be fixed?
To fix CVE-2021-37614, users should upgrade to Progress MOVEit Transfer version 2021.0.3 (aka 13.0.3) or later.
- collector/nvd-index
- vendor/progress
- product/moveit transfer
- canonical/progress moveit transfer