In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
References
Link | Resource |
---|---|
https://archive.is/58ty7 | Third Party Advisory |
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Jun 2023, 18:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Progress
Progress moveit Transfer |
|
CPE | cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* | |
References | (MISC) https://archive.is/58ty7 - Third Party Advisory | |
References | (CONFIRM) https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023 - Vendor Advisory | |
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
14 Jun 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Jun 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 03:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-35036
Mitre link : CVE-2023-35036
CVE.ORG link : CVE-2023-35036
JSON object : View
Products Affected
progress
- moveit_transfer
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')