CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ProgressSoftwareCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
progressmoveit_transfer
𝑥
< 2022.0.11
progressmoveit_transfer
2022.1.0 ≤
𝑥
< 2022.1.12
progressmoveit_transfer
2023.0.0 ≤
𝑥
< 2023.0.9
progressmoveit_transfer
2023.1.0 ≤
𝑥
< 2023.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024
https://www.progress.com/moveit
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024
https://www.progress.com/moveit