Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-36933

In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.

Published

2023-07-05T16:15:09.740

Last Modified

2024-11-21T08:10:56.927

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-755

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	moveit_transfer	< 2020.1.11	Yes
Application	progress	moveit_transfer	< 2021.0.9	Yes
Application	progress	moveit_transfer	< 2021.1.7	Yes
Application	progress	moveit_transfer	< 2022.0.7	Yes
Application	progress	moveit_transfer	< 2022.1.8	Yes
Application	progress	moveit_transfer	< 2023.0.4	Yes

References

https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Release Notes, Vendor Advisory ([email protected])
https://www.progress.com/moveit Product ([email protected])
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/moveit Product (af854a3a-2127-422b-91ae-364da2661108)