Progress Moveit Transfer — known CVE vulnerabilities
Every CVE whose affected-product data names Progress Moveit Transfer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2021-38159 — CVSS 9.8 (critical): In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow…
CVE-2023-35708 — CVSS 9.8 (critical): In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL…
CVE-2023-36934 — CVSS 9.1 (critical): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and…
CVE-2023-35036 — CVSS 9.1 (critical): In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL…
CVE-2024-5806 — CVSS 9.1 (critical): Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit…
CVE-2020-8612 — CVSS 9.0 (critical): In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious…
CVE-2021-31827 — CVSS 8.8 (high): In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could…
CVE-2023-42660 — CVSS 8.8 (high): In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL…
CVE-2020-8611 — CVSS 8.8 (high): In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in…
CVE-2021-33894 — CVSS 8.8 (high): In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before…
CVE-2021-37614 — CVSS 8.8 (high): In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow…
CVE-2023-36932 — CVSS 8.1 (high): In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and…
CVE-2023-36933 — CVSS 7.5 (high): In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is…
CVE-2024-6576 — CVSS 7.3 (high): Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit…
CVE-2023-6218 — CVSS 7.2 (high): In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path…
CVE-2023-40043 — CVSS 7.2 (high): In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL…
CVE-2023-6217 — CVSS 7.1 (high): In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site…
CVE-2024-0396 — CVSS 7.1 (high): In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an…
CVE-2023-42656 — CVSS 6.1 (medium): In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a…
CVE-2025-2324 — CVSS 5.9 (medium): Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows…
CVE-2020-28647 — CVSS 5.4 (medium): In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the…
CVE-2024-2291 — CVSS 4.3 (medium): In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a…
CVE-2025-11235 — CVSS 3.7 (low): Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from…