CVE-2024-0396
Missing Server-Side Input Validation in HTTP Parameter
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.
En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), se descubrió un problema de validación de entrada. Un usuario autenticado puede manipular un parámetro en una transacción HTTPS. La transacción modificada podría provocar errores computacionales dentro de MOVEit Transfer y potencialmente resultar en una denegación de servicio.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-10 CVE Reserved
- 2024-01-17 CVE Published
- 2024-01-30 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-113: Interface Manipulation
References (2)
URL | Tag | Source |
---|---|---|
https://www.progress.com/moveit | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024 | 2024-01-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Search vendor "Progress" | Moveit Transfer Search vendor "Progress" for product "Moveit Transfer" | < 2022.0.10 Search vendor "Progress" for product "Moveit Transfer" and version " < 2022.0.10" | - |
Affected
| ||||||
Progress Search vendor "Progress" | Moveit Transfer Search vendor "Progress" for product "Moveit Transfer" | >= 2022.1.0 < 2022.1.11 Search vendor "Progress" for product "Moveit Transfer" and version " >= 2022.1.0 < 2022.1.11" | - |
Affected
| ||||||
Progress Search vendor "Progress" | Moveit Transfer Search vendor "Progress" for product "Moveit Transfer" | >= 2023.0.1 < 2023.0.8 Search vendor "Progress" for product "Moveit Transfer" and version " >= 2023.0.1 < 2023.0.8" | - |
Affected
| ||||||
Progress Search vendor "Progress" | Moveit Transfer Search vendor "Progress" for product "Moveit Transfer" | >= 2023.1.0 < 2023.1.3 Search vendor "Progress" for product "Moveit Transfer" and version " >= 2023.1.0 < 2023.1.3" | - |
Affected
|