SQL injection vulnerability in MOVEit Transfer - CVE-2021-31827
ID: oval:org.secpod.oval:def:96163 | Date: (C)2023-12-27 (M)2023-12-27 | Class: VULNERABILITY | Family: windows
The host is installed with MOVEit Transfer 2019.0.x before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.0.x before 2020.0.5 (12.0.5) or 2020.1.x before 2020.1.4 (12.1.4) and is prone to a SQL injection vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
Platform:
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022