Vulnerability Description
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Moveit Transfer | >= 11.1, < 11.1.3 |
Related Weaknesses (CWE)
References
- https://community.ipswitch.com/s/article/SFTP-Auth-VulnerabilityThird Party Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.Release NotesThird Party Advisory
- https://community.ipswitch.com/s/article/SFTP-Auth-VulnerabilityThird Party Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.Release NotesThird Party Advisory
FAQ
What is CVE-2019-18465?
CVE-2019-18465 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects ...
How severe is CVE-2019-18465?
CVE-2019-18465 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18465?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Moveit Transfer.