CVE-2019-18465

EPSS 0.02%
Published 31.10.2019 17:15:10
Last modified 21.11.2024 04:33:17
Source cve@mitre.org
Teams watchlist Login
Open Login

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ipswitch ≫ Moveit Transfer Version >= 11.1 < 11.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

Third Party Advisory

Release Notes

https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18465

EUVD