CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-18465

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile23.24th
Published2019年10月31日
Last Modified2024年11月21日

Vulnerability Description

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Affected Platforms (CPE)

📦
Ipswitch

Moveit Transfer

>= 11.1 and < 11.1.3

References & Advisories

🔗 https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability
🔗 https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
🔗 https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability
🔗 https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

関連する脆弱性情報

CVE-2021-381599.8

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co...

CVE-2023-343629.8

MOVEit Transfer SQL Injection vulnerability allows unauthenticated attackers to gain unauthorized access to MOVEit Transfer's data...

CVE-2019-184649.8

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl...

CVE-2017-61959.8

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017...