CVE-2024-2291

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-778
View all →

Vulnerability Description

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.

Related Vulnerabilities

CVE-2019-19295

MEDIUM
CVSS:4.3(Medium)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based co...

CWE-7782019

CVE-2022-25783

MEDIUM
CVSS:4.3(Medium)

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.

CWE-7782022

CVE-2021-33689

LOW
CVSS:3.5(Low)

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, securit...

CWE-7782021

CVE-2021-32680

LOW
CVSS:3.3(Low)

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for th...

CWE-7782021

CVE-2025-2562

MEDIUM
CVSS:5.4(Medium)

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via ...

CWE-7782025

CVE-2025-32967

MEDIUM
CVSS:5.4(Medium)

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded...

CWE-7782025