Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The discovered SQL injection vulnerability, tracked as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.
SQL injection vulnerabilities are a well-known and dangerous security flaw that permits attackers to manipulate databases and run any code they want. Attackers can send specially crafted payloads to certain endpoints of the affected application, which could modify or expose sensitive data in the database.
The reason CVE-2023-36934 is so critical is that it can be exploited without having to be logged in. This means that even attackers without valid credentials can potentially exploit the vulnerability. However, as of now, there have been no reports of this particular vulnerability being actively used by attackers.
This discovery comes after a series of recent cyberattacks that used a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop ransomware. These attacks resulted in data theft and extortion of money from affected organizations.
This latest security update from Progress Software also addresses two other high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933.
CVE-2023-36932 is a SQL injection flaw that can be exploited by attackers who are logged in to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to unexpectedly shut down the MOVEit Transfer application.
Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly reported these vulnerabilities to Progress Software.
These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and earlier versions, 13..8 and earlier, 13.1.6 and earlier, 14..6 and older, 14.1.7 and older, and 15..3 and earlier.
Progress Software has made the necessary updates available for all major MOVEit Transfer versions. Users are strongly encouraged to update to the latest version of MOVEit Transfer to reduce the risks posed by these vulnerabilities.