On Friday the CVE had not been assigned yet, but now this vulnerability has now been listed as:ĬVE-2023-34362: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. As such, it has a large userbase in healthcare, education, US federal and state government, and financial institutions. MOVEit Transfer is a widely used file transfer software which encrypts files and uses secure File Transfer Protocols to transfer data. If your organization uses MOVEit Transfer and you haven’t patched yet, it really is time to move it.Įxcuse the bad pun, but yesterday we saw the first victims of this vulnerability come forward. On Friday Jwe reported about a MOVEit Transfer vulnerability that was actively being exploited.
0 kommentar(er)
