Vulnerabilities > Progress > Moveit Transfer > 2023.1.1

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5806 Unspecified vulnerability in Progress Moveit Transfer
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
network
low complexity
progress
critical
9.8
2024-03-20 CVE-2024-2291 Unspecified vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
network
low complexity
progress
4.3
2024-01-17 CVE-2024-0396 Unspecified vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered.
network
low complexity
progress
7.1
2023-11-29 CVE-2023-6217 Cross-site Scripting vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.  An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment.
network
low complexity
progress CWE-79
6.1
2023-11-29 CVE-2023-6218 Improper Privilege Management vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.
network
low complexity
progress CWE-269
7.2