Multiple MOVEit Managed File Transfer Web Application versions face SQL Injection vulnerability (CVE-2023-35036). Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. MOVEit has accredited Cybersecurity firm Huntress for discovering the vulnerability.
MOVEit Transfer is a managed file transfer (MFT) solution available in an on-premises solution. It offers file encryption security, activity tracking, tamper-evident logging, centralized access controls, and ensuring management and control. The tool provides smooth file transfer between business partners and customers using SFTP, SCP, and HTTP-based uploads. The tool is compatible with SLAs, internal governance requirements, and regulations like PCI, HIPAA, CCPA/CPRA, and GDPR.
Vulnerability Details
An attacker may exploit this vulnerability by submitting a specially crafted payload to a MOVEit Transfer application endpoint. On successful exploitation, the vulnerability could result in the modification and disclosure of secret MOVEit database content.
Affected Versions
- MOVEit Transfer 2020.1.x (12.1)
- MOVEit Transfer 2020.0.x (12.0) or older
- MOVEit Transfer 2023.0.x versions prior to 2023.0.2
- MOVEit Transfer 2022.1.x versions prior to 2022.1.6
- MOVEit Transfer 2022.0.x versions prior to 2022.0.5
- MOVEit Transfer 2021.1.x versions prior to 2021.1.5
- MOVEit Transfer 2021.0.x versions prior to 2021.0.7
Mitigation
The vendor has provided two paths to patch the vulnerability.
- DLL drop-In
DLL Dro-In requires less time to upgrade, and it is easy to apply. Customers must install the required versions below for the DLL to be fully functional.
| Required Version for DLL Drop-In | Fixed Version (DLL drop-in) |
| MOVEit Transfer 2023.0.1 (15.0.1) | MOVEit Transfer 2023.0.2 |
| MOVEit Transfer 2022.1.5 (14.1.5) | MOVEit Transfer 2022.1.6 |
| MOVEit Transfer 2022.0.4 (14.0.4) | MOVEit Transfer 2022.0.5 |
| MOVEit Transfer 2021.1.4 (13.1.4) | MOVEit Transfer 2021.1.5 |
| MOVEit Transfer 2021.0.6 (13.0.6) | MOVEit Transfer 2021.0.7 |
| MOVEit Transfer 2020.1.6 (12.1.6) or later | MOVEit Transfer 2020.1.9 |
| MOVEit Transfer 2020.0.x (12.0) or older | MUST upgrade to a supported version |
- Full Installer
| Affected Version | Fixed Version (full installer) |
| MOVEit Transfer 2023.0.x (15.0.x) | MOVEit Transfer 2023.0.2 |
| MOVEit Transfer 2022.1.x (14.1.x) | MOVEit Transfer 2022.1.6 |
| MOVEit Transfer 2022.0.x (14.0.x) | MOVEit Transfer 2022.0.5 |
| MOVEit Transfer 2021.1.x (13.1.x) | MOVEit Transfer 2021.1.5 |
| MOVEit Transfer 2021.0.x (13.0.x) | MOVEit Transfer 2021.0.7 |
| MOVEit Transfer 2020.1.x (12.1) | Special Patch Available |
| MOVEit Transfer 2020.0.x (12.0) or older | MUST upgrade to a supported version |
| MOVEit Cloud | Prod: 14.1.6.97 or 14.0.5.45 Test: 15.0.2.39 |
For more information, please refer to the MOVEit Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QID 378564 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References