CVE-2024-2291
MOVEit Transfer Logging Bypass Vulnerability
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
*Credits:
HackerOne: interl0per
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-25 First Exploit
- 2024-03-07 CVE Reserved
- 2024-03-20 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-778: Insufficient Logging
CAPEC
- CAPEC-268: Audit Log Manipulation
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.progress.com/moveit | Product |
| URL | Date | SRC |
|---|---|---|
| https://github.com/ASR511-OO7/CVE-2024-22917 | 2024-02-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024 | 2024-03-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Progress Software Search vendor "Progress Software" | MOVEit Transfer Search vendor "Progress Software" for product "MOVEit Transfer" | < 2022.0.11 (14.0.11) Search vendor "Progress Software" for product "MOVEit Transfer" and version " < 2022.0.11 (14.0.11)" | en |
Affected
| ||||||
| Progress Software Search vendor "Progress Software" | MOVEit Transfer Search vendor "Progress Software" for product "MOVEit Transfer" | < 2022.1.12 (14.1.12) Search vendor "Progress Software" for product "MOVEit Transfer" and version " < 2022.1.12 (14.1.12)" | en |
Affected
| ||||||
| Progress Software Search vendor "Progress Software" | MOVEit Transfer Search vendor "Progress Software" for product "MOVEit Transfer" | < 2023.0.9 (15.0.9) Search vendor "Progress Software" for product "MOVEit Transfer" and version " < 2023.0.9 (15.0.9)" | en |
Affected
| ||||||
| Progress Software Search vendor "Progress Software" | MOVEit Transfer Search vendor "Progress Software" for product "MOVEit Transfer" | < 2023.1.4 (15.1.4) Search vendor "Progress Software" for product "MOVEit Transfer" and version " < 2023.1.4 (15.1.4)" | en |
Affected
| ||||||