![microsoft visio viewer 2002 vulnerability microsoft visio viewer 2002 vulnerability](https://vignette.wikia.nocookie.net/logopedia/images/e/e4/Outlook365NewIcon.png)
![microsoft visio viewer 2002 vulnerability microsoft visio viewer 2002 vulnerability](https://bvisual.net/wp-content/uploads/2019/11/img_5db2d7eaaf29d.jpg)
In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database.
Microsoft visio viewer 2002 vulnerability password#
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database.