Moveit Automation
CVE-2024-4563
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
AnalysisAI
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-327. The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. Affected products include: Progress Moveit Automation. Version information: prior to 2024.0.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Moveit Automation
View allAuthentication bypass in Progress MOVEit Automation allows remote unauthenticated attackers to completely circumvent aut
Improper input validation in Progress MOVEit Automation enables authenticated low-privilege attackers to escalate privil
Incorrect default permissions in Progress Software MOVEit Automation expose embedded sensitive data to authenticated low
An issue was discovered in Progress MOVEit Automation Web Admin. Rated medium severity (CVSS 6.1), this vulnerability is
Uncontrolled memory allocation in Progress Software MOVEit Automation exposes the application to remote denial-of-servic
Unauthenticated remote flooding of Progress Software MOVEit Automation exploits a missing resource throttling control (C
Unauthenticated resource exhaustion in Progress Software MOVEit Automation enables a low-privileged remote attacker to d
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today