MOVEit Transfer Machine Interface SQL Injection
CVE-2023-42660

8.8HIGH

Key Information:

Vendor: Progress Software
Status: MOVEit Transfer
Vendor: CVE Published:; 20 September 2023

Summary

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.

Affected Version(s)

MOVEit Transfer 2023.0.0 (15.0.0)

MOVEit Transfer 2023.0.0 (15.0.0) < 2023.0.6 (15.0.6)

MOVEit Transfer 2022.1.0 (14.1.0) < 2022.1.9 (14.1.9)

References

https://www.progress.com/moveit

product

https://community.progress.com/s/article/MOVEit-Transfer-...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 12, 2023

Collectors

NVD DatabaseMitre Database