CVE-2019-18465

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 11.1 through 11.1.2

Description A vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The issue affects only certain SSH (SFTP) configurations and is applicable only if the MySQL database is being used.

Recommendations For MOVEit Transfer versions 11.1 through 11.1.2, update to version 11.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH (SFTP) interface until the update is applied.