Info Security Magazine6 Jun 2023
Critical Zero-Day Flaw Exploited in MOVEit Transfer
The vulnerability (CVE-2023-34362) can grant escalated privileges and unauthorized access
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
Progress ยท MOVEit Transfer
Known ransomware use: Known
Follow the source advisory and validate exposure in your environment.
Apply updates per vendor instructions.
Recent reporting that mentions CVE-2023-34362.
The vulnerability (CVE-2023-34362) can grant escalated privileges and unauthorized access