Vulnerability Description
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progess | Moveit Transfer | >= 2019.1, < 2019.1.4 |
| Progress | Moveit Transfer | >= 2019.2, < 2019.2.1 |
Related Weaknesses (CWE)
References
- https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-VulnerabilitiePatchVendor Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.Release NotesVendor Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.Release NotesVendor Advisory
- https://status.moveitcloud.com/Product
- https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-VulnerabilitiePatchVendor Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.Release NotesVendor Advisory
- https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.Release NotesVendor Advisory
- https://status.moveitcloud.com/Product
FAQ
What is CVE-2020-8612?
CVE-2020-8612 is a vulnerability with a CVSS score of 9.0 (CRITICAL). In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute...
How severe is CVE-2020-8612?
CVE-2020-8612 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-8612?
Check the references section above for vendor advisories and patch information. Affected products include: Progess Moveit Transfer, Progress Moveit Transfer.