CVE-2024-0396

Published Jan 17, 2024

Last updated 23 days ago

Overview

Description
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.
Source
security@progress.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity
HIGH

Weaknesses

security@progress.com
CWE-20
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations