CVE-2023-36933

{"id": "CVE-2023-36933", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-07-05T16:15:09.740", "references": [{"url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.progress.com/moveit", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.progress.com/moveit", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly."}], "lastModified": "2024-11-21T08:10:56.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EBACE7-9CEE-460F-9762-6B390E992E9E", "versionEndExcluding": "2020.1.11"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FAFFDF-9990-405B-9FC6-77FAB1D580DD", "versionEndExcluding": "2021.0.9", "versionStartIncluding": "2021.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D6B93D5-C069-45A3-ABC5-26B2EBBAE204", "versionEndExcluding": "2021.1.7", "versionStartIncluding": "2021.1.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D02CADA-98EC-4CBA-95A0-7D4064BD5445", "versionEndExcluding": "2022.0.7", "versionStartIncluding": "2022.0.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9463F53E-4941-4658-AB1D-0056B4E076F5", "versionEndExcluding": "2022.1.8", "versionStartIncluding": "2022.1.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E19DF4E3-FAF8-4A4B-B2C5-7013BABBDBB5", "versionEndExcluding": "2023.0.4", "versionStartIncluding": "2023.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}