CVE-2020-8611

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2019.1 through 2019.1.3 MOVEit Transfer versions 2019.2 through 2019.2.0

Description Multiple SQL Injection vulnerabilities have been found in the REST API of MOVEit Transfer, which could allow an authenticated attacker to gain unauthorized access to the database via the REST API. Depending on the database engine being used, such as MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to infer information about the structure and contents of the database, in addition to executing SQL statements that alter or destroy database elements.

Recommendations For MOVEit Transfer versions 2019.1 through 2019.1.3, update to version 2019.1.4 or later. For MOVEit Transfer versions 2019.2 through 2019.2.0, update to version 2019.2.1 or later.