Описание
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
Уязвимые конфигурации
Конфигурация 1Версия до 2022.0.11 (исключая)Версия от 2022.1.0 (включая) до 2022.1.12 (исключая)Версия от 2023.0.0 (включая) до 2023.0.9 (исключая)Версия от 2023.1.0 (включая) до 2023.1.4 (исключая)
Одно из
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00089
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-778
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
EPSS
Процентиль: 26%
0.00089
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-778
NVD-CWE-Other