Home

CVE-2023-35036

Description

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfers database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
33.696

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2023-34362,CVE-2023-35036 are affected in Progress MOVEit Transfer 2021.0.6Windows
Vulnerabilities CVE-2023-34362,CVE-2023-35036 are affected in Progress MOVEit Transfer 2021.1.4Windows
Vulnerabilities CVE-2023-34362,CVE-2023-35036 are affected in Progress MOVEit Transfer 2022.0.4Windows
Vulnerabilities CVE-2023-34362,CVE-2023-35036 are affected in Progress MOVEit Transfer 2022.1.5Windows
Vulnerabilities CVE-2023-34362,CVE-2023-35036 are affected in Progress MOVEit Transfer 2023.0.1Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234