CVE-2024-6576 – MOVEit Transfer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6576
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. • https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-July-2024-CVE-2024-6576 https://www.progress.com/moveit • CWE-287: Improper Authentication •
CVE-2024-5806 – MOVEit Transfer Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-5806
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. • https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806 https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 https://www.progress.com/moveit https://attackerkb.com/topics/44EZLG2xgL/cve-2024-5806/rapid7-analysis • CWE-287: Improper Authentication •
CVE-2024-2291 – MOVEit Transfer Logging Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-2291
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. • https://github.com/ASR511-OO7/CVE-2024-22917 https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024 https://www.progress.com/moveit • CWE-778: Insufficient Logging •
CVE-2024-0396 – Missing Server-Side Input Validation in HTTP Parameter
https://notcve.org/view.php?id=CVE-2024-0396
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service. • https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024 https://www.progress.com/moveit • CWE-20: Improper Input Validation •
CVE-2023-6218 – MOVEit Transfer Group Admin Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-6218
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an organization administrator. • https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023 https://www.progress.com/moveit • CWE-269: Improper Privilege Management •