SQL Injection Vulnerability in Progress MOVEit Transfer Application
CVE-2023-35036

9.1CRITICAL

Key Information:

Vendor: Progress
Status: Moveit Transfer
Vendor: CVE Published:; 12 June 2023

Summary

The MOVEit Transfer web application, especially in versions prior to 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), is susceptible to SQL injection vulnerabilities. Attackers may exploit these flaws by crafting specific payloads directed at application endpoints, potentially allowing them to execute unauthorized actions on the database. This could lead to unauthorized modification or exposure of sensitive database information, thus compromising the safety and integrity of the data managed by MOVEit Transfer. Immediate action is recommended for affected users to safeguard their applications.

References

https://archive.is/58ty7

https://community.progress.com/s/article/MOVEit-Transfer-...

EPSS Score

34% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023