CVE-2023-34362
Progress MOVEit Transfer SQL Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
99.9%
p100
KEV
SÍ
2 jun 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Progress / MOVEit Transfer
Vulnerabilidad
Progress MOVEit Transfer SQL Injection Vulnerability
Añadido a KEV
2 jun 2023
Remediar antes de
23 jun 2023
Uso conocido en ransomware
Sí
Descripción resumida
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
Acción requerida
Apply updates per vendor instructions.
Notas
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.; https://nvd.nist.gov/vuln/detail/CVE-2023-34362
Sin CVEs relacionados por CWE o producto.