CVE-2023-35036
Published: 2023-06-12
Priority: P1 · 88 · critical · 9.1 (CVSS 3.1)
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:N
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 12.81% (95.8th percentile)
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | cortex_data | — | — |
| paloalto | cortex_xdr | — | — |
| paloalto | cortex_xpanse | — | — |
| paloalto | cortex_xsoar | — | — |
| paloalto | globalprotect | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloalto | prisma_cloud | — | — |
| paloalto | prisma_sd | — | — |
| progress | moveit_transfer | < 2021.0.7 | 2021.0.7 |
| progress | moveit_transfer | >= 2021.1.0 < 2021.1.5 | 2021.1.5 |
| progress | moveit_transfer | >= 2022.0.0 < 2022.0.5 | 2022.0.5 |
| progress | moveit_transfer | >= 2022.1.0 < 2022.1.6 | 2022.1.6 |
| progress | moveit_transfer | >= 2023.0.0 < 2023.0.2 | 2023.0.2 |
Detection & IOCs (extracted from sources)
- Hunt for w3wp.exe spawning csc.exe with the MOVEit DMZ pool command line, which indicates on-the-fly compilation of the webshell
- Detect LemurLoot webshell via YARA by hunting for the typo 'azureAccout' (missing 'n') in ASPX files on MOVEit servers
- Flag creation of a second App_Web_*.dll in the Temporary ASP.NET Files directory for MOVEit, as only one should exist under normal operation
- Monitor IIS access logs for POST requests to /moveitisapi/moveitisapi.dll with action=m2, followed by GET requests to /human2.aspx, as this sequence matches the observed attack chain
- The human2.aspx webshell path is based on the default MOVEit install location and may vary; it has also been observed on non-C: drives such as E:\
- The App_Web_*.dll filename under Temporary ASP.NET Files contains random characters and will differ per environment; the key indicator is the presence of a *second* such DLL
- The LemurLoot webshell uses a hardcoded 36-character GUID-formatted authentication value that varies per deployment, so the X-siLock-Comment header value will differ across samples
- The .NET framework version subdirectory in the Temporary ASP.NET Files path may differ from v4.0.30319 depending on the installed .NET version on the host
- CVE-2023-35036 patches are designed to mitigate multiple parts of the exploit chain originally used in CVE-2023-34362 exploitation; patching CVE-2023-35036 alone may not fully remediate a previously compromised system
- Attackers have been observed pivoting to file names other than human2.aspx for the webshell, so filename-only detection is insufficient
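The IIS access-log sequence from the list above (POST to /moveitisapi/moveitisapi.dll with action=m2, then a GET for the webshell), written as a hunt script. This is an added example, not code from any of the cited sources; the per-client-IP correlation, the 30-minute window, the field layout and every log line are assumptions constructed for illustration.

```python
"""Added example: hunt IIS W3C logs for the action=m2 POST -> webshell GET sequence."""
from datetime import datetime, timedelta
from urllib.parse import parse_qs

ISAPI_STEM = "/moveitisapi/moveitisapi.dll"
# The webshell has been seen under other names, so extend this set with any
# unexpected .aspx names found on the host; the filename alone is not enough.
DEFAULT_SHELL_NAMES = frozenset({"human2.aspx"})

# Constructed sample log (documentation IP ranges), not from a real incident.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-06-01 10:00:01 10.0.0.5 GET / - 443 - 198.51.100.7 ExampleAgent/1.0 200
2023-06-01 10:02:10 10.0.0.5 POST /moveitisapi/moveitisapi.dll action=m2 443 - 203.0.113.9 ExampleAgent/1.0 200
2023-06-01 10:02:15 10.0.0.5 GET /human2.aspx - 443 - 203.0.113.9 ExampleAgent/1.0 200
2023-06-01 10:05:00 10.0.0.5 POST /moveitisapi/moveitisapi.dll action=m2 443 - 192.0.2.44 ExampleAgent/1.0 200
2023-06-01 10:05:30 10.0.0.5 GET /renamed-example.aspx - 443 - 192.0.2.44 ExampleAgent/1.0 200
2023-06-01 11:30:00 10.0.0.5 GET /HUMAN2.ASPX - 443 - 198.51.100.7 ExampleAgent/1.0 404
2023-06-01 10:06:00 10.0.0.5 POST /moveitisapi/moveitisapi.dll
"""


def parse_w3c(text):
    """Yield one dict per log line, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line
        row = dict(zip(fields, parts))
        try:
            row["ts"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue
        yield row


def is_m2_post(row):
    """True for a POST to the ISAPI endpoint whose query carries action=m2."""
    if row.get("cs-method", "").upper() != "POST":
        return False
    if row.get("cs-uri-stem", "").lower() != ISAPI_STEM:
        return False
    query = parse_qs(row.get("cs-uri-query", ""))
    actions = [v for k, vals in query.items() if k.lower() == "action" for v in vals]
    return any(v.lower() == "m2" for v in actions)


def find_chains(text, shell_names=DEFAULT_SHELL_NAMES, window=timedelta(minutes=30)):
    """Return GETs for a suspected webshell that follow an action=m2 POST
    from the same client IP within `window` (both choices are assumptions)."""
    names = {n.lower() for n in shell_names}
    last_post = {}  # client IP -> time of its most recent action=m2 POST
    hits = []
    for row in sorted(parse_w3c(text), key=lambda r: r["ts"]):
        ip = row.get("c-ip", "")
        if is_m2_post(row):
            last_post[ip] = row["ts"]
            continue
        # Compare only the file name: the install path and drive can vary.
        basename = row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        if row.get("cs-method", "").upper() == "GET" and basename in names:
            posted = last_post.get(ip)
            if posted is not None and row["ts"] - posted <= window:
                hits.append({
                    "c_ip": ip,
                    "post_ts": posted,
                    "get_ts": row["ts"],
                    "uri": row["cs-uri-stem"],
                    "status": row.get("sc-status"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage, not proof of compromise; the list above also recommends checking for a second App_Web_*.dll and for csc.exe spawned by w3wp.exe on the same host.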
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vulncheck · 9.1 · CRITICAL
GHSA
GHSA-gcp2-7w4g-w774: In Progress MOVEit Transfer before 2021
ghsa_unreviewed·2023-06-12
CVE-2023-35036 [CRITICAL] CWE-89 GHSA-gcp2-7w4g-w774: In Progress MOVEit Transfer before 2021
VulnCheck
Progress MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.1
CVE-2023-35036 [CRITICAL] Progress MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: Progress MOVEit Transfer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Rans
Palo Alto
PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
vendor_paloalto·2023-06-16·CVSS 9.8
CVE-2023-34362 [CRITICAL] PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) in the MOVEit Transfer product. Palo Alto Networks does not use MOVEit Transfer and is not impacted by these vulnerabilities. Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are continuing to closely monitor all developments. You can find regular updates, as well as Palo Alto Networks product protections and interim guidance here: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
CVE
No detection rules found.
No public exploits indexed.
Unit42
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
blogs_unit42·2024-02-05
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
## Executive Summary
The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.
What drove this surge of activity? 2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services. Zero-day exploits for these vulnerabilities drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the vulnerable software.
Leak site data reveals at least 25 new ransomware groups emerged in 2023, indicating the continued attraction of ransomware as a profitable criminal activity. Despite the appearance of new groups such as Darkrace, CryptNet and U-Bomb,
Unit42
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
blogs_unit42·2024-02-05
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
## Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Doel Santos
Published: February 5, 2024
Wiz
Crying out Cloud – Our Favorite Stories of 2023 | Wiz Blog
blogs_wiz·2024-01-16·CVSS 7.8
[HIGH] Crying out Cloud – Our Favorite Stories of 2023 | Wiz Blog
2023 certainly had its share of tumultuous events that shaped the perceptions of cloud customers everywhere — there were supply chain attacks, critical 0day vulnerabilities and advancements in both AI and AI security that all left their mark on how we approach cloud security. As the year came to a close, the Crying out Cloud team (Eden, Merav and Amitai) sat down to discuss what we felt were our most interesting podcast episodes and newsletter editions of 2023.
# High Profile Vulnerabilities
## Merav’s picks
### Chrome vulnerabilities that weren’t actually Chrome vulnerabilities
(from our newsletter)
Several critical vulnerabilities in Google Chrome were published in 2023. In a few cases, items that fell into the Chrome category were hiding much more interesting vulnerabilities. CVE-2
Qualys
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
blogs_qualys·2023-12-19
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
## Table of Contents
- 2023 Statistics
- 2023 Vulnerability Threat Landscape
- Top Vulnerability Types
- Key Insights
- Top MITRE ATT&CK Tactics & Techniques
- Most Active Threats
- Conclusion
As 2023 nears its end, it’s time to pause and reflect. It’s time to assess what worked and what didn’t, what caught our attention and caused disruption, and what went unnoticed. More importantly, we need to know what lessons we learned from 2023 so that we can do a better job of managing risk in the coming year. In line with this, the Qualys Threat Research Unit has prepared a comprehensive blog series to review the threat landscape in 2023.
Key Takeaways:
- Less than one percent of vulnerabilities contributed to the highest risk and were routinely exploited in the wild.
- 97 high-risk vulnerabilities, like
Qualys
Top Cyber Threats of 2023: An In-Depth Review (Part One) | Qualys
blogs_qualys·2023-12-19
Top Cyber Threats of 2023: An In-Depth Review (Part One) | Qualys
Unit42
Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
blogs_unit42·2023-10-04·CVSS 9.8
CVE-2023-34362 [CRITICAL] Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
## Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
Unit 42
Published: October 4, 2023
Update October 4: We have added additional information using data gathered from Advanced Threat Prevention.
Update July 7: We cover the most recently disclosed vulnerabilities in MOVEit Transfer, as well as the July 2023 service pack.
## Executive Summary
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
Update: On June 9 and June 15, Progress Software alerted customers of additional SQL Injection vulnerabilities (also rated critical by Progress and got assigned CVE-2023-35036 and CVE-2023-35708, re
Securelist
IT threat evolution in Q2 2023. Non-mobile statistics
blogs_securelist·2023-08-30
IT threat evolution in Q2 2023. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
Ransomware programs
Quarterly trends and highlights
MOVEit Transfer vulnerabilities exploited
Attacks on municipal organizations, educational and healthcare establishments
Most prolific groups
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarterly highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks on IoT
Securelist
PC malware statistics, Q2 2022
blogs_securelist·2023-08-30
PC malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Most prolific groups
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks on IoT honeypots
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q2 2023
- IT threat evolution in Q2 2023. Non-mobile statistics
- IT threat evolution in Q2 2023. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2023:
- Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe.
- A total of 209,716,810 unique links were d
Wiz
Crying Out Cloud - June's Newsletter | Wiz
blogs_wiz·2023-07-03·CVSS 9.8
[CRITICAL] Crying Out Cloud - June's Newsletter | Wiz
The past month has brought a series of vulnerabilities and security incidents that have left users affected. Amidst the noise, we've taken it upon ourselves to curate the most significant developments for you.
Here are our top picks of cloud security highlights!
## ✨ Highlights
## Three MOVEit Transfer vulnerabilities
Since May 31, 2023, Progress has been publishing details of vulnerabilities in MOVEit Transfer. Some of these vulnerabilities are known to have been exploited in-the-wild by the Cl0p ransomware group. Users are urgently advised to patch to the latest fixed version. MOVEit Transfer is a Windows-Server-based managed file transfer (MFT) service developed by Ipswitch, a subsidiary of Progress.
An SQL injection vulnerability (CVE-2023-34362) was found in the MOVEit Transfer w
Sentinelone
CVE-2023-34362: Unmasking MOVEit Transfer Vulnerability
blogs_sentinelone·2023-06-26·CVSS 9.8
CVE-2023-34362 [CRITICAL] CVE-2023-34362: Unmasking MOVEit Transfer Vulnerability
On May 31, 2023, Progress Software Corporation announced a critical vulnerability in their MOVEit Transfer software application. The vulnerability, assigned the CVE identifier CVE-2023-34362, is a SQL injection vulnerability that could allow an unauthenticated attacker to gain access to the MOVEit Transfer database.
The vulnerability exists in the MOVEit Transfer web application. It was found in all versions of MOVEit Transfer prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1).
An attacker who successfully exploits this vulnerability could gain access to the MOVEit Transfer database. This could allow the attacker to steal sensitive data, such as usernames, passwords, and credit card numbers. The attacker could also use this access t
Talos
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
blogs_talos·2023-06-16·CVSS 9.8
CVE-2023-34362 [CRITICAL] Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
- Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution that has been actively targeted since late May 2023.
- Successful exploitation could lead to remote code execution (RCE), allowing unauthenticated adversaries to execute arbitrary code to support malicious activity, such as disabling anti-virus solutions (AV) or deploying malware payloads.
- The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot, to exfiltrate victims’ data and extort payments, and Microsoft has attributed these attacks to the same group, according to public reporting.
- Two more vulnerabilities have sinc
Tenable
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
blogs_tenable·2023-06-16
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
Zscaler
Coverage Advisory for MOVEit | ThreatLabz
blogs_zscaler·2023-06-09·CVSS 9.8
[CRITICAL] Coverage Advisory for MOVEit | ThreatLabz
Wiz
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know | Wiz Blog
blogs_wiz·2023-06-04·CVSS 9.8
CVE-2023-34362 [CRITICAL] CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know | Wiz Blog
On May 31, 2023, Progress published details of a critical remote code execution (RCE) 0-day vulnerability in MOVEit Transfer being exploited in-the-wild (CVE-2023-34362).
CVE-2023-34362 was assigned to this vulnerability on June 2, 2023, and according to the vendor exploitation has been observed since May 2023, though there have been reports of possible exploitation going back to March 2023 or even mid-2021. Users are urgently advised to patch to the fixed version, and stay up-to-date on the latest information about this ongoing issue.
### June 10 update:
On June 9, 2023, Progress published details of a second critical SQL injection vulnerability in MOVEit Transfer (CVE-2023-35036). An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result i
Tenable
CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
blogs_tenable·2023-06-02·CVSS 9.8
[CRITICAL] CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
Huntress
MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response
blogs_huntress·2023-06-01·CVSS 9.8
[CRITICAL] MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response
UPDATED: 1 June 2023 @ 1733 ET - Added shareable Huntress YARA rule for assistance in detection effort
UPDATED: 1 June 2023 @ 2023 ET - Added Kostas community Sigma rule to assist in detection efforts
UPDATED: 1 June 2023 @ 2029 ET - Added screenshots for the DLL that creates the human2.aspx file
UPDATED: 2 June 2023 @ 1210 ET - Added CVE identification
UPDATED: 2 June 2023 @ 1750 ET - Added registry locations for enriched investigation and analysis
UPDATED: 5 June 2023 @ 1323 ET - Added video demonstration of proof-of-concept exploitation
UPDATED 5 June 2023 @ 2116 ET - Added video demonstration of RCE and ransomware
LAST UPDATED 12 June 2023 @ 1101 ET - Added latest CVE and other proof-of-concept details
On June 1, 2023, Huntress was made aware of active exploitation attempts aga
Greynoiseio
The First Day Of Tagsmas (2023): Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
blogs_greynoiseio·CVSS 9.8
[CRITICAL] The First Day Of Tagsmas (2023): Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
Zscaler
CISO Monthly Roundup, June 2023: ThreatLabz annual State of Ransomware report, understanding RedEnergy Stealer-as-a-Ransomware, investigating Bandit Stealer, exposing Mystic Stealer, and MOVEit vulner
blogs_zscaler
CISO Monthly Roundup, June 2023: ThreatLabz annual State of Ransomware report, understanding RedEnergy Stealer-as-a-Ransomware, investigating Bandit Stealer, exposing Mystic Stealer, and MOVEit vulner
EDITOR'S PICK
## CISO Monthly Roundup, June 2023: ThreatLabz annual State of Ransomware report, understanding RedEnergy Stealer-as-a-Ransomware, investigating Bandit Stealer, exposing Mystic Stealer, and MOVEit vulnerability guidance
Deepen Desai
Contributor
Zscaler
## Jul 7, 2023
The June CISO Monthly Roundup covers the latest ThreatLabz Ransomware Report findings, understanding RedEnergy, investigating Bandit and Mystic stealers, and more.
The CISO Monthly Roundup provides the latest threat research from Deepen Desai and the ThreatLabz team, along with insights on other cyber-related subjects. Over the past month, ThreatLabz released the 2023 State of Ransomware report, analyzed RedEnergy Stealer-as-a-Ransomware, investigated Bandit Stealer, examined Mystic Stealer, and offered MO
Crowdstrike
Discovering the MOVEit Transfer Vulnerability
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Discovering the MOVEit Transfer Vulnerability