CVE-2023-36934
Description
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
91.212
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2023-36934 affects Progress MOVEit Transfer 12.1.10 | Windows |
| CVE-2023-36934 affects Progress MOVEit Transfer 13.0.8 | Windows |
| CVE-2023-36934 affects Progress MOVEit Transfer 13.1.6 | Windows |
| CVE-2023-36934 affects Progress MOVEit Transfer 14.0.6 | Windows |
| CVE-2023-36934 affects Progress MOVEit Transfer 14.1.7 | Windows |
| CVE-2023-36934 affects Progress MOVEit Transfer 15.0.3 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234