Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tracked as CVE-2023-36934, could allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.
SQL injection vulnerabilities are a well-known and dangerous security flaw that allows attackers to manipulate databases and run any code they want. Attackers can send specially crafted payloads to certain endpoints of the affected application, which could modify or expose sensitive data in the database.
The reason CVE-2023-36934 is so critical is that it can be exploited without being logged in. This means that even attackers without valid credentials can potentially exploit the vulnerability. However, as of now, there have been no reports of this particular vulnerability being actively used by attackers.
This discovery comes after a series of recent cyberattacks that used a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop ransomware. These attacks resulted in data theft and extortion of money from affected organizations.
This latest security update from Progress Software also addresses two other high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933.
CVE-2023-36932 is a SQL injection flaw that can be exploited by attackers who are logged in to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to unexpectedly shut down the MOVEit Transfer program.
Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly reported these vulnerabilities to Progress Software.
These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and earlier, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.
Progress Software has made the necessary updates available for all major MOVEit Transfer versions. Users are strongly advised to update to the latest version of MOVEit Transfer to reduce the risks posed by these vulnerabilities.
Some parts of this article are sourced from:
thehackernews.com