COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-34362

CVE-2023-34362

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-06-02
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-34362
◐ zero-day ⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wildzero-day

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able

Players implicated

progress · vendormoveit transfer · product

Description

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.