vulnerability

Progress MOVEit Transfer: CVE-2019-18465: Missing Authentication for Critical Function

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 31, 2019	Dec 13, 2024	Feb 11, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 31, 2019

Added

Dec 13, 2024

Modified

Feb 11, 2026

Description

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Solution

progress-moveit-transfer-upgrade-latest

References

CVE-2019-18465
https://attackerkb.com/topics/CVE-2019-18465
URL-https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability
URL-https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
CWE-306

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today