Описание
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
Ссылки
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 11.1 (включая) до 11.1.3 (исключая)
cpe:2.3:a:ipswitch:moveit_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
EPSS
Процентиль: 4%
0.00019
Низкий
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-306