{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:48:39.010","vulnerabilities":[{"cve":{"id":"CVE-2023-42660","sourceIdentifier":"security@progress.com","published":"2023-09-20T17:15:11.550","lastModified":"2024-11-21T08:22:54.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nIn Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.\n\n"},{"lang":"es","value":"En las versiones de MOVEit Transfer lanzadas antes de 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), se ha identificado una vulnerabilidad de inyección SQL en la interfaz de la máquina MOVEit Transfer que podría permitir que un atacante autenticado obtenga acceso no autorizado a la base de datos de MOVEit Transfer. Un atacante podría enviar un payload manipulado a la interfaz de la máquina MOVEit Transfer, lo que podría provocar la modificación y divulgación del contenido de la base de datos de MOVEit.\n"}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndExcluding":"2021.1.8","matchCriteriaId":"F6E9F262-3E55-48FF-94A0-09C0C80FE7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.0.0","versionEndExcluding":"2022.0.8","matchCriteriaId":"B1FFF5B1-D887-48EA-BFD1-FBD9F699DEA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.1.0","versionEndExcluding":"2022.1.9","matchCriteriaId":"64138C94-BAB8-45D2-93A1-31FC4D4F1E41"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.0.0","versionEndExcluding":"2023.0.6","matchCriteriaId":"C35AF1A0-05E8-4F69-9F99-91925C490EE9"}]}]}],"references":[{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023","source":"security@progress.com","tags":["Vendor Advisory"]},{"url":"https://www.progress.com/moveit","source":"security@progress.com","tags":["Product"]},{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.progress.com/moveit","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}