SB2019103128 - Multiple vulnerabilities in Progress MOVEit Transfer
Published: October 31, 2019 Updated: May 30, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2019-18464)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the REST API. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2019-18465)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a logic error that allows a remote authenticated attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
Remediation
Install update from vendor's website.
References
- https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2
- https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm
- https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm
- https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
- https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability