Vulnerability Description
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | Moveit Transfer | < 2021.1.8 |
Related Weaknesses (CWE)
References
- https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-Vendor Advisory
- https://www.progress.com/moveitProduct
- https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-Vendor Advisory
- https://www.progress.com/moveitProduct
FAQ
What is CVE-2023-42660?
CVE-2023-42660 is a vulnerability with a CVSS score of 8.8 (HIGH). In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transf...
How severe is CVE-2023-42660?
CVE-2023-42660 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42660?
Check the references section above for vendor advisories and patch information. Affected products include: Progress Moveit Transfer.