{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T15:22:06.000","vulnerabilities":[{"cve":{"id":"CVE-2024-2291","sourceIdentifier":"security@progress.com","published":"2024-03-20T15:15:08.010","lastModified":"2025-01-16T18:02:45.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"\nIn Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad de omisión de registro en las versiones de MOVEit Transfer publicadas antes de 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4). Un usuario autenticado podría manipular una solicitud para omitir el mecanismo de registro dentro de la aplicación web, lo que da como resultado que la actividad del usuario no se registre correctamente."}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-778"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndExcluding":"2022.0.11","matchCriteriaId":"A33F43C2-F905-43C3-A9D4-671BEE079C68"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.1.0","versionEndExcluding":"2022.1.12","matchCriteriaId":"2BD95EE0-833F-42E9-BCCA-EC4089AB6E62"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.0.0","versionEndExcluding":"2023.0.9","matchCriteriaId":"D682546D-079E-431A-BFA9-DEF714BA364A"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.1.0","versionEndExcluding":"2023.1.4","matchCriteriaId":"E72FDB08-3760-4472-A60C-BDDD51B25708"}]}]}],"references":[{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024","source":"security@progress.com","tags":["Vendor Advisory"]},{"url":"https://www.progress.com/moveit","source":"security@progress.com","tags":["Product"]},{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.progress.com/moveit","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}