← volver
CVE-2023-36934

CVE-2023-36934

EPSS 94.8%
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 94.8%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
05 jul 2023Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023https://www.progress.com/moveit