CVE-2024-0396
Published Jan 17, 2024
Last updated 10 months ago
Overview
- Description
- In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.
- Source
- security@progress.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 4.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- security@progress.com
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B392A9C3-723E-48B9-83F9-C020A3FA4A88",
"versionEndExcluding": "2022.0.10"
},
{
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4327F71-29F5-42BE-BB63-55912ACD82F7",
"versionEndExcluding": "2022.1.11",
"versionStartIncluding": "2022.1.0"
},
{
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D751E70-646C-4CB4-92A5-A53EB0505025",
"versionEndExcluding": "2023.0.8",
"versionStartIncluding": "2023.0.1"
},
{
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E05648FB-598C-4884-BDFC-6C16C7152016",
"versionEndExcluding": "2023.1.3",
"versionStartIncluding": "2023.1.0"
}
],
"operator": "OR"
}
]
}
]