virus logo Intrusion Prevention

Progress.MOVEit.Transfer.machine.CVE-2023-35708.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL Injection Vulnerability in MOVEit Transfer.
The vulnerability is due to improper sanitization of user supplied input. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary SQL code execution against the database on the target server.

affected-products-logoAffected Products

Progress Software MOVEit Transfer versions prior to 2021.0.8 (13.0.8)
Progress Software MOVEit Transfer versions prior to 2021.1.6 (13.1.6)
Progress Software MOVEit Transfer versions prior to 2022.0.6 (14.0.6)
Progress Software MOVEit Transfer versions prior to 2022.1.7 (14.1.7)
Progress Software MOVEit Transfer versions prior to 2023.0.3 (15.0.3)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-07-04 24.593 Sig Added
2023-06-20 24.585
ID 53325
Created Jun 19, 2023
Updated Jun 30, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-35708
Exploit Prediction Score 0.11%
Default Action drop
Active
Affected OS Windows
Affected App Other