Logging Bypass Vulnerability Affects MOVEit Transfer Versions

CVE-2024-2291
4.3 MEDIUM

Key Information

Status
Moveit Transfer
Vendor
CVE Published: 20 March 2024

Summary

A logging bypass vulnerability has been discovered in Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4). An authenticated user could manipulate a request to bypass the logging mechanism within the web application, which results in user activity not being logged properly.

Affected Version(s)

MOVEit Transfer <= 2022.0.0 (14.0.0)

MOVEit Transfer < 2022.0.11 (14.0.11)

MOVEit Transfer < 2022.1.12 (14.1.12)

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

HackerOne: interl0per