admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-03xx/CVE-2024-0396.json
cad-safe-bot 72fded51cf Auto-Update: 2024-01-29T17:00:25.457001+00:00
2024-01-29 17:00:29 +00:00

138 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-0396",
"sourceIdentifier": "security@progress.com",
"published": "2024-01-17T16:15:46.623",
"lastModified": "2024-01-29T15:22:40.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n"
},
{
"lang": "es",
"value": "En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), se descubri\u00f3 un problema de validaci\u00f3n de entrada. Un usuario autenticado puede manipular un par\u00e1metro en una transacci\u00f3n HTTPS. La transacci\u00f3n modificada podr\u00eda provocar errores computacionales dentro de MOVEit Transfer y potencialmente resultar en una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2022.0.10",
"matchCriteriaId": "B392A9C3-723E-48B9-83F9-C020A3FA4A88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2022.1.0",
"versionEndExcluding": "2022.1.11",
"matchCriteriaId": "E4327F71-29F5-42BE-BB63-55912ACD82F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.0.1",
"versionEndExcluding": "2023.0.8",
"matchCriteriaId": "8D751E70-646C-4CB4-92A5-A53EB0505025"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2023.1.0",
"versionEndExcluding": "2023.1.3",
"matchCriteriaId": "E05648FB-598C-4884-BDFC-6C16C7152016"
}
]
}
]
}
],
"references": [
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024",
"source": "security@progress.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.progress.com/moveit",
"source": "security@progress.com",
"tags": [
"Product"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink