In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
References
Link | Resource |
---|---|
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 | Patch Release Notes Third Party Advisory |
https://www.progress.com/moveit | Product |
Configurations
Configuration 1 (hide)
|
History
10 Jul 2023, 13:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
First Time |
Progress moveit Transfer
Progress |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CPE | cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.progress.com/moveit - Product | |
References | (CONFIRM) https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 - Patch, Release Notes, Third Party Advisory |
05 Jul 2023, 16:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-05 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-36934
Mitre link : CVE-2023-36934
CVE.ORG link : CVE-2023-36934
JSON object : View
Products Affected
progress
- moveit_transfer
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')