CVE-2020-8612 Information

Description

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim’s browser, aka XSS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Reference

https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020
https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm49443.htm
https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm49677.htm
https://status.moveitcloud.com/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.0
