CVE-2019-16383 : Security Advisory and Response
CVE-2019-16383 allows unauthenticated attackers to access and manipulate MOVEit Transfer databases through SQL Injection. Learn about the impact, affected versions, and mitigation steps.
An unauthenticated attacker can gain unauthorized access to the database in MOVEit Transfer 2018 SP2 prior to 10.2.4, 2019 prior to 11.0.2, and 2019.1 prior to 11.1.1 through the MOVEit.DMZ.WebApi.dll. This can result in the attacker inferring information about the database's structure and contents, or even manipulating the database via the REST API. This vulnerability is also known as SQL Injection and its impact can vary depending on the type of database engine in use, such as MySQL, Microsoft SQL Server, or Azure SQL.
Understanding CVE-2019-16383
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.
What is CVE-2019-16383?
CVE-2019-16383 is a vulnerability in MOVEit Transfer versions that allows unauthenticated attackers to access the database and potentially manipulate its contents through SQL Injection.
The Impact of CVE-2019-16383
The vulnerability can lead to unauthorized access to the database, enabling attackers to gather sensitive information, modify data, or disrupt the system's operation. The severity varies based on the targeted database engine.
Technical Details of CVE-2019-16383
MOVEit.DMZ.WebApi.dll in MOVEit Transfer versions prior to 10.2.4, 11.0.2, and 11.1.1 is susceptible to SQL Injection attacks.
Vulnerability Description
An unauthenticated attacker can exploit the vulnerability to access and potentially manipulate the database, posing a significant security risk.
Affected Systems and Versions
- MOVEit Transfer 2018 SP2 before 10.2.4
- MOVEit Transfer 2019 before 11.0.2
- MOVEit Transfer 2019.1 before 11.1.1
Exploitation Mechanism
The vulnerability is exploited through the MOVEit.DMZ.WebApi.dll component, allowing unauthorized access to the database and potential data manipulation.
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent the exploitation of CVE-2019-16383.
Immediate Steps to Take
- Update MOVEit Transfer to versions 10.2.4, 11.0.2, or 11.1.1 to mitigate the vulnerability.
- Monitor database activities for any unauthorized access or modifications.
Long-Term Security Practices
- Implement strict access controls and authentication mechanisms.
- Regularly audit and review database configurations and security settings.
Patching and Updates
- Apply security patches and updates provided by MOVEit to ensure the system is protected against known vulnerabilities.