Home

CVE-2023-36932

Description

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
15.717

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2020.1.10Windows
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2021.0.8Windows
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2021.1.6Windows
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2022.0.6Windows
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2022.1.7Windows
Vulnerabilities CVE-2023-36932,CVE-2023-36933 are affected in Progress MOVEit Transfer 2023.0.3Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234