threat
engine
.sh
Back
·
··:··
Home
/
Product
/
progress moveit transfer
Product
progress moveit transfer
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-11235
>= 2022.0.0 and < 2022.0.10
Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Trans
3.7
LOW
CVE-2025-13147
< 2024.1.8
Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8,
5.3
MEDIUM
CVE-2025-2324
>= 2023.1.0 and < 2023.1.12
Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allo
5.9
MEDIUM
CVE-2024-6576
>= 2023.0.0 and < 2023.0.12
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affect
7.3
HIGH
CVE-2024-5806
>= 2023.0.0 and < 2023.0.11
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affec
9.1
CRITICAL
CVE-2024-2291
< 2022.0.11
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4
4.3
MEDIUM
CVE-2024-0396
< 2022.0.10
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3
7.1
HIGH
CVE-2023-6218
<= 2021.1.0
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escala
7.2
HIGH
CVE-2023-6217
<= 2021.1.0
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross
7.1
HIGH
CVE-2023-42660
< 2021.1.8
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a
8.8
HIGH
CVE-2023-42656
< 2021.1.8
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a
6.1
MEDIUM
CVE-2023-40043
< 2021.1.8
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a
7.2
HIGH
CVE-2023-36934
< 12.1.11
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8)
9.1
CRITICAL
CVE-2023-36933
< 2020.1.11
In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.
7.5
HIGH
CVE-2023-36932
< 2020.1.11
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8)
8.1
HIGH
CVE-2023-35708
< 2020.1.10
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.
9.8
CRITICAL
CVE-2023-35036
< 2021.0.7
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.
9.1
CRITICAL
CVE-2023-34362
< 2021.0.7
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.
9.8
CRITICAL
CVE-2021-38159
< 2019.0.8
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co
9.8
CRITICAL
CVE-2021-37614
< 2019.0.7
In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application co
8.8
HIGH
CVE-2021-33894
< 2019.0.6
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x
8.8
HIGH
CVE-2021-31827
< 2021.0
In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that
8.8
HIGH
CVE-2020-28647
< 2020.1
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim wi
5.4
MEDIUM
CVE-2020-8612
>= 2019.2 and < 2019.2.1
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize m
9.0
CRITICAL
CVE-2020-8611
>= 2019.2 and < 2019.2.1
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been fo
8.8
HIGH
CVE-2019-18465
>= 11.1 and < 11.1.3
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without ful
9.8
CRITICAL
CVE-2019-18464
>= 10.2.0 and < 10.2.6
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl
9.8
CRITICAL
CVE-2019-16383
>= 10.2.0 and < 10.2.4
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an u
9.4
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin