Cross-Site Scripting Vulnerability in Progress MOVEit Automation
CVE-2020-12677

6.1MEDIUM

Key Information:

Vendor

Progress

Status
Moveit Automation
Vendor
CVE Published:
14 May 2020

What is CVE-2020-12677?

A vulnerability in Progress MOVEit Automation Web Admin allows unauthenticated attackers to exploit insufficient input sanitization, potentially leading to arbitrary code execution in users' browsers. Specifically, this weakness affects various versions of the product, including multiple releases from 2018 to 2019. Successful exploitation may grant malicious actors the ability to run harmful scripts, posing significant security risks for affected users.

References

https://community.progress.com/s/article/MOVEit-Automatio...
x_refsource_CONFIRM
https://docs.ipswitch.com/MOVEit/Automation2018/ReleaseNo...
x_refsource_CONFIRM
https://docs.ipswitch.com/MOVEit/Automation2018SP1/Releas...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.