← voltar
CVE-2023-36934

CVE-2023-36934

EPSS 94.8%
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 94.8%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
05 jul 2023Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023https://www.progress.com/moveit