How severe is CVE-2019-16383?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2019-16383?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2019-16383 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.

Related Vulnerabilities

CVE-2016-5843

CRITICAL

CVSS:9.4(Critical)

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL ...

CWE-892016

CVE-2022-22524

CRITICAL

CVSS:9.4(Critical)

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modif...

CWE-892022

CVE-2022-41271

CRITICAL

CVSS:9.4(Critical)

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming ...

CWE-892022

CVE-2023-49581

CRITICAL

CVSS:9.4(Critical)

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauth...

CWE-892023

CVE-2024-25507

CRITICAL

CVSS:9.4(Critical)

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.

CWE-892024

CVE-2024-25509

CRITICAL

CVSS:9.4(Critical)

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

CWE-892024