CVE-2024-0396

{"id": "CVE-2024-0396", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-01-17T16:15:46.623", "references": [{"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024", "tags": ["Vendor Advisory"], "source": "security@progress.com"}, {"url": "https://www.progress.com/moveit", "tags": ["Product"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.\n\n"}, {"lang": "es", "value": "En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), se descubri\u00f3 un problema de validaci\u00f3n de entrada. Un usuario autenticado puede manipular un par\u00e1metro en una transacci\u00f3n HTTPS. La transacci\u00f3n modificada podr\u00eda provocar errores computacionales dentro de MOVEit Transfer y potencialmente resultar en una denegaci\u00f3n de servicio."}], "lastModified": "2024-01-29T15:22:40.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B392A9C3-723E-48B9-83F9-C020A3FA4A88", "versionEndExcluding": "2022.0.10"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4327F71-29F5-42BE-BB63-55912ACD82F7", "versionEndExcluding": "2022.1.11", "versionStartIncluding": "2022.1.0"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D751E70-646C-4CB4-92A5-A53EB0505025", "versionEndExcluding": "2023.0.8", "versionStartIncluding": "2023.0.1"}, {"criteria": "cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E05648FB-598C-4884-BDFC-6C16C7152016", "versionEndExcluding": "2023.1.3", "versionStartIncluding": "2023.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}