PT-2019-15422 · Ipswitch · Moveit Transfer
Published
2019-10-31
·
Updated
2019-11-04
·
CVE-2019-18465
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MOVEit Transfer versions 11.1 through 11.1.2
Description
A vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The issue affects only certain SSH (SFTP) configurations and is applicable only if the MySQL database is being used.
Recommendations
For MOVEit Transfer versions 11.1 through 11.1.2, update to version 11.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH (SFTP) interface until the update is applied.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moveit Transfer