July 7, 2023 | Swati Khandelwal | Vulnerability / Cyber Threat

Progress Software has announced that it has discovered and patched a critical SQL injection vulnerability in MOVEit Transfer, a popular software product used for secure file transfers. In addition, Progress Software also patched two other high-severity vulnerabilities in the product.

The SQL injection vulnerability, tracked as CVE-2023-36934, could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.

SQL injection vulnerabilities are well-known and dangerous security flaws that allow attackers to manipulate databases and, in some configurations, execute arbitrary code. An attacker could send a specially crafted payload to specific endpoints of the affected application to modify or expose sensitive data in the database.
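To make the mechanism concrete, the following added example (written for this article, not code from MOVEit Transfer or Progress Software) contrasts a query built by string concatenation with a parameterized one. It uses an in-memory SQLite table with constructed rows; the table, rows and function names are assumptions for illustration only. The concatenated version lets user input change the structure of the query, while the bound parameter can only ever be treated as a value.

```python
import sqlite3


def make_db():
    """Build a constructed demo table; nothing here comes from a real application."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER, owner TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO files VALUES (?, ?, ?)",
        [
            (1, "alice", "q3-report.pdf"),
            (2, "bob", "payroll.xlsx"),
            (3, "o'brien", "notes.txt"),  # legitimate apostrophe in a name
        ],
    )
    return conn


def list_files_vulnerable(conn, owner):
    """Untrusted input is spliced into the SQL text, so it can alter the query."""
    sql = "SELECT name FROM files WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]


def list_files_safe(conn, owner):
    """The value is bound separately from the SQL text and cannot change its structure."""
    sql = "SELECT name FROM files WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    # Normal input behaves the same either way.
    print(list_files_vulnerable(db, "alice"), list_files_safe(db, "alice"))
    # A name containing a quote breaks the concatenated query but is fine when bound.
    try:
        list_files_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(list_files_safe(db, "o'brien"))
    # A tautology in the value makes the concatenated query return every row;
    # the bound version simply finds no owner with that literal name.
    print(len(list_files_vulnerable(db, "x' OR '1'='1")), list_files_safe(db, "x' OR '1'='1"))
```

The same principle applies to any database driver: use the driver's parameter binding (or an ORM that does so) for every value that originates outside the application, and treat a query assembled from strings as a defect to be found in code review.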

The reason CVE-2023-36934 is so important is that it can be exploited without logging in. This means that an attacker without valid credentials could still exploit this vulnerability. However, at this time there are no reports of this particular vulnerability being actively used by attackers.

The discovery comes after a series of recent cyberattacks targeting MOVEit Transfer with Clop ransomware via another SQL injection vulnerability (CVE-2023-34362). These attacks stole data and extorted money from affected organizations.

This latest security update from Progress Software also addresses two other high-severity vulnerabilities, CVE-2023-36932 and CVE-2023-36933.

CVE-2023-36932 is a SQL injection flaw that a logged-in attacker can exploit to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that could allow an attacker to unexpectedly shut down the MOVEit Transfer application.


Researchers at HackerOne and Trend Micro’s Zero Day Initiative responsibly reported these vulnerabilities to Progress Software.

These vulnerabilities affect multiple MOVEit Transfer versions including 12.1.10 and earlier, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and earlier, 14.1.7 and earlier, and 15.0.3 and earlier.
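For anyone checking a fleet against that list, the following added helper (not part of the article or of Progress Software's tooling) turns the affected-version ranges quoted above into a triage function. The version table is taken from the article; the inventory rows, hostnames and function names are constructed for illustration. Branches the article does not list return None rather than a guess, so they can be escalated to the vendor advisory instead of being silently marked clean.

```python
# Highest affected patch level for each major.minor branch, as listed in the article.
AFFECTED_BRANCHES = {
    (12, 1): 10,
    (13, 0): 8,
    (13, 1): 6,
    (14, 0): 6,
    (14, 1): 7,
    (15, 0): 3,
}


def parse_version(version):
    """Return (major, minor, patch) from a dotted version string; extra components are ignored."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts[:3])


def is_affected(version):
    """True/False when the branch is in the published list, None when it is not."""
    major, minor, patch = parse_version(version)
    max_affected = AFFECTED_BRANCHES.get((major, minor))
    if max_affected is None:
        return None
    return patch <= max_affected


def triage_inventory(inventory):
    """Group (hostname, version) pairs into affected, patched and unknown buckets."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["affected"].append(host)
        else:
            result["patched"].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("mft-prod-01", "14.0.6"),
        ("mft-prod-02", "14.0.7"),
        ("mft-dr-01", "15.0.4"),
        ("mft-legacy", "12.1.10"),
        ("mft-lab", "15.1.0"),
    ]
    print(triage_inventory(sample))
```

Treat "unknown" as work to do, not as a pass: a branch missing from the list may be out of support or simply not enumerated in the write-up, and the vendor advisory is the authority for those.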

Progress Software has made the necessary updates available for all major MOVEit Transfer versions. We strongly recommend updating to the latest version of MOVEit Transfer to mitigate the risks posed by these vulnerabilities.
