Uncaught Exception Vulnerability in MOVEit Transfer by Progress
CVE-2023-36933

7.5HIGH

Key Information:

Vendor: Progress
Status: Moveit Transfer
Vendor: CVE Published:; 5 July 2023

Summary

In certain versions of MOVEit Transfer, an attacker can trigger a method leading to an unhandled exception. This situation creates a pathway for unexpected application termination, potentially disrupting services and operations. The affected versions include those prior to 2021.0.9, along with specific releases in the 2021, 2022, and 2023 product lines. This vulnerability emphasizes the need for timely software updates and robust security practices.

References

https://www.progress.com/moveit

https://community.progress.com/s/article/MOVEit-Transfer-...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 28, 2023