PT-2020-20236 · Ipswitch · Moveit Transfer

Published

2020-02-14

Updated

2020-02-20

CVE-2020-8612

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2019.1 through 2019.1.3 MOVEit Transfer versions 2019.2 through 2019.2.0

Description The issue is related to a REST API endpoint that failed to properly sanitize malicious input. This could allow an authenticated attacker to execute arbitrary code in a victim's browser. The attack is facilitated through a cross-site scripting (XSS) mechanism.

Recommendations For MOVEit Transfer versions 2019.1 through 2019.1.3, update to version 2019.1.4 or later. For MOVEit Transfer versions 2019.2 through 2019.2.0, update to version 2019.2.1 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-8612

Affected Products

Moveit Transfer

PT-2020-20236 · Ipswitch · Moveit Transfer

CVE-2020-8612

Weakness Enumeration

Related Identifiers

Affected Products

References · 6