SQL Injection Vulnerability in Progress MOVEit Transfer Application
CVE-2023-35036

9.1CRITICAL

Key Information:

Vendor: Progress
Status: Moveit Transfer
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-35036?

The MOVEit Transfer web application, especially in versions prior to 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), is susceptible to SQL injection vulnerabilities. Attackers may exploit these flaws by crafting specific payloads directed at application endpoints, potentially allowing them to execute unauthorized actions on the database. This could lead to unauthorized modification or exposure of sensitive database information, thus compromising the safety and integrity of the data managed by MOVEit Transfer. Immediate action is recommended for affected users to safeguard their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://archive.is/58ty7

https://community.progress.com/s/article/MOVEit-Transfer-...

EPSS Score

34% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023

JSON

Progress

What is CVE-2023-35036?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.