First published: Wed Sep 20 2023
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
Credit: security@progress.com
Affected Software | Affected Version | How to fix |
---|---|---|
Progress MOVEit Transfer | <2021.1.8 | |
Progress MOVEit Transfer | >=2022.0.0 <2022.0.8 | |
Progress MOVEit Transfer | >=2022.1.0 <2022.1.9 | |
Progress MOVEit Transfer | >=2023.0.0 <2023.0.6 | |
CVE-2023-42660 is a SQL injection vulnerability in MOVEit Transfer versions released before 2021.1.8, 2022.0.8, 2022.1.9, and 2023.0.6.
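An authenticated attacker can exploit CVE-2023-42660 by submitting a crafted payload to the MOVEit Transfer machine interface, which could result in unauthorized access to the MOVEit Transfer database and in modification and disclosure of its content.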
CVE-2023-42660 has a severity rating of 8.8 (high).
MOVEit Transfer versions released before 2021.1.8, 2022.0.8, 2022.1.9, and 2023.0.6 are affected by CVE-2023-42660.
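To fix CVE-2023-42660, you should upgrade to MOVEit Transfer version 2021.1.8 or later. On the 2022.0, 2022.1 and 2023.0 release lines, the fixed versions are 2022.0.8, 2022.1.9 and 2023.0.6 respectively, so a release that is newer than 2021.1.8 but older than the fixed version on its own line is still affected.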