cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2291,https://securityvulnerability.io/vulnerability/CVE-2024-2291,Logging Bypass Vulnerability Affects MOVEit Transfer Versions,"In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.",Progress Software,Moveit Transfer,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-20T14:46:59.040Z,0
CVE-2024-0396,https://securityvulnerability.io/vulnerability/CVE-2024-0396,Missing Server-Side Input Validation in HTTP Parameter,"An input validation vulnerability has been identified in certain versions of MOVEit Transfer, where an authenticated user can manipulate parameters during an HTTPS transaction. This manipulation could initiate computational errors within the system and may lead to unintended denial of service. The affected versions include those released before 2022.0.10, 2022.1.11, 2023.0.8, and 2023.1.3, which require immediate patching to mitigate these potential risks. Organizations using these versions should prioritize updates to enhance their security posture.",Progress Software,MOVEit Transfer,7.1,HIGH,0.000750000006519258,false,false,false,false,,false,false,2024-01-17T15:56:41.390Z,0
CVE-2023-6217,https://securityvulnerability.io/vulnerability/CVE-2023-6217,MOVEit Transfer XSS via MOVEit Gateway,"In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.",Progress Software,MOVEit Transfer,6.1,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-11-29T17:15:00.000Z,0
CVE-2023-6218,https://securityvulnerability.io/vulnerability/CVE-2023-6218,MOVEit Transfer Group Admin Privilege Escalation,"In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member's permissions to the role of an organization administrator.",Progress Software,MOVEit Transfer,7.2,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-11-29T17:15:00.000Z,0
CVE-2023-42660,https://securityvulnerability.io/vulnerability/CVE-2023-42660,MOVEit Transfer Machine Interface SQL Injection,"In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.",Progress Software,MOVEit Transfer,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2023-09-20T17:15:00.000Z,0
CVE-2023-40043,https://securityvulnerability.io/vulnerability/CVE-2023-40043,MOVEit Transfer System Administrator SQL Injection,"In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.",Progress Software,MOVEit Transfer,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2023-09-20T17:15:00.000Z,0
CVE-2023-42656,https://securityvulnerability.io/vulnerability/CVE-2023-42656,MOVEit Transfer Reflected XSS,"In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser.",Progress Software,Moveit Transfer,6.1,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2023-09-20T17:15:00.000Z,0