OR
     *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions up to (excluding) 2020.1.10
     *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.0.6 up to (excluding) 2021.0.8
     *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2021.1.4 up to (excluding) 2021.1.6
     *cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* versions from (including) 2022.0.4 up to (excluding) 2022.0.6
     *cpe:2.3:a:progress:moveit_transfer:*:*:*

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-89

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 No Types Assigned

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 Mitigation, Patch, Vendor Advisory

https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability No Types Assigned

https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability Third Party Advisory, US Government Resource

https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability No Types Assigned

https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability Vendor Advisory

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. The availab

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are f

Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 (15.0.3) and other specific fixed versions (stated below). The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. The specific weakness and impact details will be mentioned in a later update to this CVE Record. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8),

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. The availab