Logging Bypass Vulnerability Affects MOVEit Transfer Versions
CVE-2024-2291

4.3MEDIUM

Key Information:

Vendor: Progress Software
Status: Moveit Transfer
Vendor: CVE Published:; 20 March 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2024-2291?

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.

Affected Version(s)

MOVEit Transfer 2022.0.0 (14.0.0)

MOVEit Transfer 2022.0.0 (14.0.0) < 2022.0.11 (14.0.11)

MOVEit Transfer 2022.1.0 (14.1.0) < 2022.1.12 (14.1.12)

References

https://www.progress.com/moveit

product

https://community.progress.com/s/article/MOVEit-Transfer-...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Mar 7, 2024

Credit

HackerOne: interl0per