CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-35708

CVSS 9.8v3.1pub. 2023-06-16upd. 2024-11-21

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Moveit Transfer

    APP
    Progress
    < 2020.1.102021.0.6 – 2021.0.8 (bez)2021.1.4 – 2021.1.6 (bez)2022.0.4 – 2022.0.6 (bez)2022.1.5 – 2022.1.7 (bez)2023.0.1 – 2023.0.3 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2023-34362CRITICAL9.8⚠ KEVten sam produkt

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5),...

CVE-2024-5806CRITICAL9.1PL ✓ten sam produkt

Authentication Bypass w module SFTP Progress MOVEit Transfer

CVE-2023-36934CRITICAL9.1ten sam produkt

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7...

CVE-2023-35036CRITICAL9.1ten sam produkt

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6),...

CVE-2021-38159CRITICAL9.8ten sam produkt

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfe...