First published: Wed Jul 05 2023
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress MOVEit Transfer | <2020.1.11 | |
Progress MOVEit Transfer | >=2021.0 <2021.0.9 | |
Progress MOVEit Transfer | >=2021.1.0 <2021.1.7 | |
Progress MOVEit Transfer | >=2022.0.0 <2022.0.7 | |
Progress MOVEit Transfer | >=2022.1.0 <2022.1.8 | |
Progress MOVEit Transfer | >=2023.0.0 <2023.0.4 | |
CVE-2023-36932 refers to multiple SQL injection vulnerabilities in the MOVEit Transfer web application.
CVE-2023-36932 has a severity rating of 8.1, which is considered high.
CVE-2023-36932 affects MOVEit Transfer versions before 2020.1.11, 2021.0.9, 2021.1.7, 2022.0.7, 2022.1.8, and 2023.0.4.
An authenticated attacker can exploit CVE-2023-36932 to perform SQL injection attacks against the MOVEit Transfer web application.
Yes, patches and updates are available for affected versions of MOVEit Transfer. It is recommended to update to the latest version to mitigate the vulnerability.