cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2291,https://securityvulnerability.io/vulnerability/CVE-2024-2291,Logging Bypass Vulnerability Affects MOVEit Transfer Versions,"In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.",Progress Software,Moveit Transfer,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-20T14:46:59.040Z,0
CVE-2024-0396,https://securityvulnerability.io/vulnerability/CVE-2024-0396,Missing Server-Side Input Validation in HTTP Parameter,"An input validation vulnerability has been identified in certain versions of MOVEit Transfer, where an authenticated user can manipulate parameters during an HTTPS transaction. This manipulation could initiate computational errors within the system and may lead to unintended denial of service. The affected versions include those released before 2022.0.10, 2022.1.11, 2023.0.8, and 2023.1.3, which require immediate patching to mitigate these potential risks. Organizations using these versions should prioritize updates to enhance their security posture.",Progress Software,MOVEit Transfer,7.1,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2024-01-17T15:56:41.390Z,0
CVE-2023-6218,https://securityvulnerability.io/vulnerability/CVE-2023-6218,MOVEit Transfer Group Admin Privilege Escalation,"A privilege escalation vulnerability has been identified in MOVEit Transfer, affecting versions prior to 2022.0.9, 2022.1.10, and 2023.0.7. This flaw allows a group administrator to elevate the permissions of a group member, granting them the capabilities of an organization administrator. This opens up potential unauthorized access and control over sensitive data within the organization. It is crucial for users to upgrade to the latest versions to mitigate risks associated with this vulnerability.",Progress Software,MOVEit Transfer,7.2,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-11-29T17:15:00.000Z,0
CVE-2023-6217,https://securityvulnerability.io/vulnerability/CVE-2023-6217,MOVEit Transfer XSS via MOVEit Gateway,"In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.",Progress Software,MOVEit Transfer,6.1,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-11-29T17:15:00.000Z,0
CVE-2023-42656,https://securityvulnerability.io/vulnerability/CVE-2023-42656,MOVEit Transfer Reflected XSS,"In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.",Progress Software,Moveit Transfer,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-40043,https://securityvulnerability.io/vulnerability/CVE-2023-40043,MOVEit Transfer System Administrator SQL Injection,"A SQL injection vulnerability exists in the MOVEit Transfer web interface, allowing a system administrator account to send a specially crafted payload. This could lead to unauthorized access to the MOVEit Transfer database, enabling potential modification and disclosure of sensitive database content. Users of impacted versions are encouraged to assess their environments and apply necessary security measures.",Progress Software,MOVEit Transfer,7.2,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-42660,https://securityvulnerability.io/vulnerability/CVE-2023-42660,MOVEit Transfer Machine Interface SQL Injection,"A security flaw has been detected in MOVEit Transfer, where an authenticated attacker may exploit a SQL injection vulnerability within the machine interface. This issue allows an attacker to submit a carefully crafted payload, potentially leading to unauthorized access, modification, or disclosure of sensitive database content. Users of MOVEit Transfer should review their current versions and apply necessary updates to mitigate potential threats.",Progress Software,MOVEit Transfer,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0