CVE-2023-42660
CVSS V2 None
CVSS V3 None
Description
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
Overview
- CVE ID
- CVE-2023-42660
- Assigner
- ProgressSoftware
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-09-20T16:04:54.432Z
- Last Modified Date
- 2023-09-20T16:15:03.255Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.progress.com/moveit | product |
| https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-42660 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42660 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 13:53:33 | Added to TrackCVE |