{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T14:51:05.820","vulnerabilities":[{"cve":{"id":"CVE-2019-18465","sourceIdentifier":"cve@mitre.org","published":"2019-10-31T17:15:10.477","lastModified":"2024-11-21T04:33:17.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used."},{"lang":"es","value":"En Progress MOVEit Transfer versiones 11.1 anteriores a 11.1.3, se ha encontrado una vulnerabilidad que podría permitir a un atacante iniciar sesión sin credenciales completas por medio de la interfaz SSH (SFTP). La vulnerabilidad afecta solo a determinadas configuraciones SSH (SFTP), y es aplicable solo si la base de datos MySQL está siendo usado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ipswitch:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1","versionEndExcluding":"11.1.3","matchCriteriaId":"EBFF54A6-F11C-4EDE-A023-DDF56F61E857"}]}]}],"references":[{"url":"https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}