Published: 24/09/2019 Updated: 14/04/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.4 | Impact Score: 5.5 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 prior to 10.2.4, 2019 prior to 11.0.2, and 2019.1 prior to 11.1.1 allows an unauthenticated malicious user to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipswitch moveit transfer

MOVEit Transfer version 1111 suffers from a remote SQL injection vulnerability ...

CWE-89 https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html https://nvd.nist.gov https://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-16383

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect