SQL Injection Vulnerability in MOVEit Transfer by Progress
CVE-2021-37614
8.8HIGH
What is CVE-2021-37614?
An SQL injection vulnerability exists in earlier versions of the MOVEit Transfer web application, allowing authenticated remote attackers to access the underlying database. Exploitation of this vulnerability could enable attackers to extract sensitive information about the database structure and contents, or even manipulate or delete database records. This risk is contingent on the database engine in use, such as MySQL, Microsoft SQL Server, or Azure SQL. Users are urged to update to the latest secure versions to mitigate potential risks.