Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

File Management

MOVEit Transfer

MOVEit is a managed file transfer software product produced by Progress Software. MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data as well as providing automation services analytics and failover options.

Official Site:

https://www.progress.com/moveit

Severity Summary:

Critical: 7 High: 10 Medium: 4
Reference
Title
Severity
CVE-2024-5806
MOVEit Transfer Vulnerability
Critical
CVE-2023-35708
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2020-8612
MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2021-38159
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-36934
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Critical
CVE-2023-35036
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-34362
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-6218
MOVEit Transfer Improper Privilege Management Vulnerability
High
CVE-2023-42660
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-40043
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-36932
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-0396
MOVEit Transfer Vulnerability
High
CVE-2021-37614
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-33894
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-31827
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-8611
MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-36933
MOVEit Transfer Improper Handling of Exceptional Conditions Vulnerability
High
CVE-2023-6217
MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-42656
MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-2291
MOVEit Transfer Other Vulnerability
Medium
CVE-2020-28647
MOVEit Transfer Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium