CVE-2019-18465

EPSS 0.02%
Veröffentlicht 31.10.2019 17:15:10
Zuletzt bearbeitet 21.11.2024 04:33:17
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ipswitch ≫ Moveit Transfer Version >= 11.1 < 11.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

Third Party Advisory

Release Notes

https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18465

EUVD