CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4563 – The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length
https://notcve.org/view.php?id=CVE-2024-4563
22 May 2024 — The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. La función de exportación de configuración de Progress MOVEit Automation anterior a 2024.0.0 utiliza un método criptográfico con una longitud de bits insuficiente. • https://community.progress.com/s/article/MOVEit-Automation-Vulnerability-CVE-2024-4563-May-22-2024 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-12677
https://notcve.org/view.php?id=CVE-2020-12677
14 May 2020 — An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. Se detectó un problema en Progress M... • https://community.progress.com/s/article/MOVEit-Automation-Cross-Site-Scripting-Vulnerability-XSS-May-2020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •