Progress MOVEit Transfer Multiple Vulnerabilities (CVE-2023-36932, CVE-2023-36933, & CVE-2023-36934)

Multiple Denial of Service and SQL injection vulnerabilities have been discovered in the Service Pack program for MOVEit products, including MOVEit Transfer and MOVEit Automation. CVE-2023-36934 is rated Critical, while CVE-2023-36932 and CVE-2023-36933 are rated High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to the MOVEit Transfer database and terminate …

MOVEit Transfer Privilege Escalation and Potential Unauthorized Access Vulnerability (CVE-2023-35708)

Progress has discovered a privilege escalation vulnerability in the MOVEit Transfer web application (CVE-2023-35708). On successful exploitation, the vulnerability may allow an attacker to gain unauthorized access to the MOVEit Transfer database. There is no evidence to suggest that the vulnerability is being exploited in the wild. MOVEit Transfer is a managed file transfer (MFT) …

Critical SQL Injection Vulnerability in MOVEit Managed File Transfer Web Application (CVE-2023-35036)

Multiple MOVEit Managed File Transfer Web Application versions are affected by a SQL injection vulnerability (CVE-2023-35036). Successful exploitation of the vulnerability may allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. MOVEit has credited cybersecurity firm Huntress with discovering the vulnerability. MOVEit Transfer is a managed file transfer (MFT) solution available in an on-premises …

MOVEit Patched Critical Zero-day SQL Injection Vulnerability in MOVEit Managed File Transfer Application (CVE-2023-34362)

A critical SQL injection vulnerability (CVE-2023-34362) affecting the MOVEit Transfer managed file transfer application is being exploited in the wild. The vulnerability may result in elevated privileges and unauthorized access to the MOVEit Transfer database. CISA has added this critical vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before 23rd June …