CVE-2019-18465

Published: Oct 31, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.

Affected (1)

Products: Ipswitch: Moveit Transfer

1 product

Moveit Transfer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ipswitch Moveit Transfer	From 11.1 to 11.1.3

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability

Source: cve@mitre.org

Third Party Advisory

https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

Source: cve@mitre.org

Release NotesThird Party Advisory

https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.