Managed file transfer
This hub aggregates every CVE we track for Managed file transfer, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
18
CVEs tracked
2
Critical
10
High
0
In CISA KEV
Severity distribution
HIGH10MEDIUM6CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Managed file transfer.
- CVE-2022-24110Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.6.5
- CVE-2022-23181Local privilege escalation with FileStore7.0
- CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9
- CVE-2021-42340DoS via memory leak with WebSocket connections7.5
- CVE-2021-33037Incorrect Transfer-Encoding handling with HTTP/1.05.3
- CVE-2021-25122Apache Tomcat h2c request mix-up7.5
- CVE-2021-25329Incomplete fix for CVE-2020-94847.0
- CVE-2020-13935The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could...7.5
- CVE-2020-13934An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number o...7.5
- CVE-2020-9484When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server...7.0
- CVE-2019-10219A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. T...6.1
- CVE-2019-17359The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.7.5
- CVE-2019-2538Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easil...7.1
- CVE-2018-1000613Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('U...9.8
- CVE-2018-1000180Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with add...7.5
Product normalization is registry-driven with AI assist and human review. How it works