// For flags

CVE-2024-0396

Missing Server-Side Input Validation in HTTP Parameter

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.

En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), se descubrió un problema de validación de entrada. Un usuario autenticado puede manipular un parámetro en una transacción HTTPS. La transacción modificada podría provocar errores computacionales dentro de MOVEit Transfer y potencialmente resultar en una denegación de servicio.

*Credits: HackerOne: p-v-p
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-01-10 CVE Reserved
  • 2024-01-17 CVE Published
  • 2024-01-30 EPSS Updated
  • 2024-11-13 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-113: Interface Manipulation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Progress
Search vendor "Progress"
Moveit Transfer
Search vendor "Progress" for product "Moveit Transfer"
< 2022.0.10
Search vendor "Progress" for product "Moveit Transfer" and version " < 2022.0.10"
-
Affected
Progress
Search vendor "Progress"
Moveit Transfer
Search vendor "Progress" for product "Moveit Transfer"
>= 2022.1.0 < 2022.1.11
Search vendor "Progress" for product "Moveit Transfer" and version " >= 2022.1.0 < 2022.1.11"
-
Affected
Progress
Search vendor "Progress"
Moveit Transfer
Search vendor "Progress" for product "Moveit Transfer"
>= 2023.0.1 < 2023.0.8
Search vendor "Progress" for product "Moveit Transfer" and version " >= 2023.0.1 < 2023.0.8"
-
Affected
Progress
Search vendor "Progress"
Moveit Transfer
Search vendor "Progress" for product "Moveit Transfer"
>= 2023.1.0 < 2023.1.3
Search vendor "Progress" for product "Moveit Transfer" and version " >= 2023.1.0 < 2023.1.3"
-
Affected