CVE-2020-12677

Name of the Vulnerable Software and Affected Versions Progress MOVEit Automation Web Admin versions 2018 through 2018.0 prior to 2018.0.3 Progress MOVEit Automation Web Admin versions 2018 SP1 through 2018.2 prior to 2018.2.3 Progress MOVEit Automation Web Admin versions 2018 SP2 through 2018.3 prior to 2018.3.7 Progress MOVEit Automation Web Admin versions 2019 through 2019.0 prior to 2019.0.3 Progress MOVEit Automation Web Admin versions 2019.1 prior to 2019.1.2 Progress MOVEit Automation Web Admin versions 2019.2 prior to 2019.2.2

Description An issue was discovered in Progress MOVEit Automation Web Admin where a Web Admin application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, also known as a cross-site scripting (XSS) attack.

Recommendations For versions 2018 through 2018.0 prior to 2018.0.3, update to version 2018.0.3 or later. For versions 2018 SP1 through 2018.2 prior to 2018.2.3, update to version 2018.2.3 or later. For versions 2018 SP2 through 2018.3 prior to 2018.3.7, update to version 2018.3.7 or later. For versions 2019 through 2019.0 prior to 2019.0.3, update to version 2019.0.3 or later. For versions 2019.1 prior to 2019.1.2, update to version 2019.1.2 or later. For versions 2019.2 prior to 2019.2.2, update to version 2019.2.2 or later.