CVE-2021-31827
Summary
| CVE | CVE-2021-31827 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-18 12:15:00 UTC |
| Updated | 2021-05-25 15:04:00 UTC |
| Description | In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. This is in MOVEit.DMZ.WebApp in SILHuman.vb. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Progress | Moveit Transfer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| What's New in MOVEit Transfer | MISC | docs.ipswitch.com | |
| Progress Customer Community | MISC | community.progress.com | |
| MOVEit Secure Managed File Transfer Software | Progress | MISC | www.progress.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.