CVE-2023-34362

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score96.8730%

EPSS Percentile99.84th

PublishedJun 2, 2023

Last ModifiedJun 12, 2023

Vulnerability Description

MOVEit Transfer SQL Injection vulnerability allows unauthenticated attackers to gain unauthorized access to MOVEit Transfer's database, leading to privilege escalation and remote code execution.

Affected Platforms (CPE)

📦

Open Source

MOVEit Transfer

multiple versions

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2023-34362

🔗 https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Related Vulnerabilities

CVE-2021-381599.8

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co...

CVE-2019-184659.8

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without ful...

CVE-2019-184649.8

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl...

CVE-2017-61959.8

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017...