CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2023-34362

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score96.8730%
EPSS Percentile99.84th
Published2023年6月2日
Last Modified2023年6月12日

Vulnerability Description

MOVEit Transfer SQL Injection vulnerability allows unauthenticated attackers to gain unauthorized access to MOVEit Transfer's database, leading to privilege escalation and remote code execution.

Affected Platforms (CPE)

📦
Open Source

MOVEit Transfer

multiple versions

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2023-34362
🔗 https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

相關漏洞威脅

CVE-2021-381599.8

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co...

CVE-2019-184659.8

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without ful...

CVE-2019-184649.8

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multipl...

CVE-2017-61959.8

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017...