CVE-2023-34362 — Actively Exploited: MOVEit Transfer (Progress)
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structur
| CVE ID | CVE-2023-34362 |
|---|---|
| Vendor | Progress |
| Product | MOVEit Transfer |
| Vulnerability name | Progress MOVEit Transfer SQL Injection Vulnerability |
| Date added | 2023-06-02 |
| Remediation due | 2023-06-23 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alte |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →