CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18465

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile23.24th
PublishedOct 31, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Affected Platforms (CPE)

πŸ“¦
Ipswitch

Moveit Transfer

>= 11.1 and < 11.1.3

References & Advisories

πŸ”— https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability
πŸ”— https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
πŸ”— https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability
πŸ”— https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

Related Vulnerabilities

CVE-2021-381599.8

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co...

CVE-2023-343629.8

MOVEit Transfer SQL Injection vulnerability allows unauthenticated attackers to gain unauthorized access to MOVEit Transfer's data...

CVE-2019-184649.8

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl...

CVE-2017-61959.8

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017...