CVE-2023-35708
Published 2023-06-16
Priority P195 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 96.68% (99.9th percentile)
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | cortex_data | — | — |
| paloalto | cortex_xdr | — | — |
| paloalto | cortex_xpanse | — | — |
| paloalto | cortex_xsoar | — | — |
| paloalto | globalprotect | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloalto | prisma_cloud | — | — |
| paloalto | prisma_sd | — | — |
| progress | moveit_transfer | < 2020.1.10 | 2020.1.10 |
| progress | moveit_transfer | >= 2021.0.6 < 2021.0.8 | 2021.0.8 |
| progress | moveit_transfer | >= 2021.1.4 < 2021.1.6 | 2021.1.6 |
| progress | moveit_transfer | >= 2022.0.4 < 2022.0.6 | 2022.0.6 |
| progress | moveit_transfer | >= 2022.1.5 < 2022.1.7 | 2022.1.7 |
| progress | moveit_transfer | >= 2023.0.1 < 2023.0.3 | 2023.0.3 |
Detection & IOCs
- other: Progress MOVEit Transfer SILCertToUser or UserCheckClientCert SQL Injection (CVE-2023-35036 or CVE-2023-35708): 6000667
- snort: SID 61876-61879
- snort: SID 61936
- snort: SID 300582
- snort: SID 300583
- yara: Win.Ransomware.Clop-6881304-0
- yara: Win.Ransomware.Clop-6887770-0

- Check Point IPS signatures 'Webshell.Win.Moveit' and 'Exploit.Wins.MOVEit' provide detection coverage for MOVEit Transfer exploitation activity including CVE-2023-35708.
- The LemurLoot webshell IOC hashes (listed under 'Webshell (LemurLoot)') are associated with the broader MOVEit Transfer exploitation campaign (CVE-2023-34362) by Cl0p; they are not confirmed exclusively tied to CVE-2023-35708 exploitation, which was not reported as actively exploited at time of publication.
- The Zscaler AppProtection rule ID 6000667 covers both CVE-2023-35036 and CVE-2023-35708 together (SILCertToUser or UserCheckClientCert SQL Injection); it is not exclusive to CVE-2023-35708.
- The Snort SIDs and ClamAV signatures released by Cisco Talos are attributed to the broader MOVEit Transfer exploitation campaign and may cover CVE-2023-34362 and related activity; applicability specifically to CVE-2023-35708 should be verified against the latest Snort rule pack.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-w5r2-4jr9-2g3q: Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023
ghsa_unreviewed·2023-06-16
CVE-2023-35708 CWE-89 GHSA-w5r2-4jr9-2g3q: Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023
Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 (15.0.3) and other specific fixed versions (stated below). The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. The specific weakness and impact details will be mentioned in a later update to this CVE Record. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
VulnCheck
Progress MOVEit Transfer Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 9.8
Affected: Progress MOVEit Transfer
Palo Alto
PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708)
vendor_paloalto·2023-06-16·CVSS 9.8
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) in the MOVEit Transfer product. Palo Alto Networks does not use MOVEit Transfer and is not impacted by these vulnerabilities. Protecting our customers is our highest priority. Palo Alto Networks and its Unit 42 threat research team are continuing to closely monitor all developments. You can find regular updates, as well as Palo Alto Networks product protections and interim guidance here: https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
CVE
No detection rules found.
Nuclei
MOVEit Transfer - SQL Injection
nuclei·CVSS 9.8
Template:
```yaml
id: CVE-2023-35708
info:
  name: MOVEit Transfer - SQL Injection
  author: daffainfo,jjcho
  severity: cri
```
Unit42
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
blogs_unit42·2024-02-05
Doel Santos
Published: February 5, 2024
Tags: ALPHV, Ambitious Scorpius, Blackcat, Buzzing Scorpius, Hive, Ignoble Scorpius, Leak site, Ragnar Locker, Ransomed, Ransomed.Vc, Royal Ransomware, Salty Scorpius, Trigona, Vice Society
## Executive Summary
The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.
What drove this surge of activity? 2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services. Zero-day exploits for these vulnerabilities drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the vulnerable software.
Leak site data reveals at least 25 new ransomware groups emerged in 2023, indicating the continued attraction of ransomware as a profitable criminal activity. Despite the appearance of new groups such as Darkrace, CryptNet and U-Bomb,
Wiz
Crying out Cloud – Our Favorite Stories of 2023 | Wiz Blog
blogs_wiz·2024-01-16·CVSS 7.8
[HIGH] Crying out Cloud – Our Favorite Stories of 2023 | Wiz Blog
2023 certainly had its share of tumultuous events that shaped the perceptions of cloud customers everywhere — there were supply chain attacks, critical 0day vulnerabilities and advancements in both AI and AI security that all left their mark on how we approach cloud security. As the year came to a close, the Crying out Cloud team (Eden, Merav and Amitai) sat down to discuss what we felt were our most interesting podcast episodes and newsletter editions of 2023.
# High Profile Vulnerabilities
## Merav’s picks
### Chrome vulnerabilities that weren’t actually Chrome vulnerabilities
(from our newsletter)
Several critical vulnerabilities in Google Chrome were published in 2023. In a few cases, items that fell into the Chrome category were hiding much more interesting vulnerabilities. CVE-2
Unit42
Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
blogs_unit42·2023-10-04·CVSS 9.8
Unit 42
Published: October 4, 2023
Tags: CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, MOVEit
Update October 4: We have added additional information using data gathered from Advanced Threat Prevention.
Update July 7: We cover the most recently disclosed vulnerabilities in MOVEit Transfer, as well as the July 2023 service pack.
## Executive Summary
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
Update: On June 9 and June 15, Progress Software alerted customers of additional SQL Injection vulnerabilities (also rated critical by Progress and got assigned CVE-2023-35036 and CVE-2023-35708, re
Tenable
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
blogs_tenable·2023-10-02·CVSS 10.0
[CRITICAL] CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
Securelist
IT threat evolution in Q2 2023. Non-mobile statistics
blogs_securelist·2023-08-30
IT threat evolution in Q2 2023. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
Ransomware programs
Quarterly trends and highlights
MOVEit Transfer vulnerabilities exploited
Attacks on municipal organizations, educational and healthcare establishments
Most prolific groups
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarterly highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks on IoT
Securelist
PC malware statistics, Q2 2022
blogs_securelist·2023-08-30
PC malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Most prolific groups
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks on IoT honeypots
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q2 2023
- IT threat evolution in Q2 2023. Non-mobile statistics
- IT threat evolution in Q2 2023. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2023:
- Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe.
- A total of 209,716,810 unique links were d
Wiz
Crying Out Cloud - June's Newsletter | Wiz
blogs_wiz·2023-07-03·CVSS 9.8
[CRITICAL] Crying Out Cloud - June's Newsletter | Wiz
The past month has brought a series of vulnerabilities and security incidents that have left users affected. Amidst the noise, we've taken it upon ourselves to curate the most significant developments for you.
Here are our top picks of cloud security highlights!
## ✨ Highlights
## Three MOVEit Transfer vulnerabilities
Since May 31, 2023, Progress has been publishing details of vulnerabilities in MOVEit Transfer. Some of these vulnerabilities are known to have been exploited in-the-wild by the Cl0p ransomware group. Users are urgently advised to patch to the latest fixed version. MOVEit Transfer is a Windows-Server-based managed file transfer (MFT) service developed by Ipswitch, a subsidiary of Progress.
An SQL injection vulnerability (CVE-2023-34362) was found in the MOVEit Transfer w
Sentinelone
CVE-2023-34362: Unmasking MOVEit Transfer Vulnerability
blogs_sentinelone·2023-06-26·CVSS 9.8
CVE-2023-34362 [CRITICAL] CVE-2023-34362: Unmasking MOVEit Transfer Vulnerability
On May 31, 2023, Progress Software Corporation announced a critical vulnerability in their MOVEit Transfer software application. The vulnerability, assigned the CVE identifier CVE-2023-34362, is a SQL injection vulnerability that could allow an unauthenticated attacker to gain access to the MOVEit Transfer database.
The vulnerability exists in the MOVEit Transfer web application. It was found in all versions of MOVEit Transfer prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1).
An attacker who successfully exploits this vulnerability could gain access to the MOVEit Transfer database. This could allow the attacker to steal sensitive data, such as usernames, passwords, and credit card numbers. The attacker could also use this access t
Checkpoint
19th June – Threat Intelligence Report
blogs_checkpoint·2023-06-19
CVE-2023-35708 19th June – Threat Intelligence Report
## 19th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 19th June, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The Louisiana Office of Motor Vehicles (OMV) and the Oregon DMV Services have released statements warning US citizens of a data breach exposing millions of driver’s licenses. This comes after the Clop ransomware gang had hacked the agencies’ MOVEit Transfer security file transfer systems and stole the stored data.
Check Point IP
Talos
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
blogs_talos·2023-06-16·CVSS 9.8
CVE-2023-34362 [CRITICAL] Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
- Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution that has been actively targeted since late May 2023.
- Successful exploitation could lead to remote code execution (RCE), allowing unauthenticated adversaries to execute arbitrary code to support malicious activity, such as disabling anti-virus solutions (AV) or deploying malware payloads.
- The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot, to exfiltrate victims’ data and extort payments, and Microsoft has attributed these attacks to the same group, according to public reporting.
- Two more vulnerabilities have sinc
Tenable
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
blogs_tenable·2023-06-16
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
Wiz
CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know | Wiz Blog
blogs_wiz·2023-06-04·CVSS 9.8
CVE-2023-34362 [CRITICAL] CVE-2023-34362 RCE vulnerability in MOVEit Transfer exploited in the wild: everything you need to know | Wiz Blog
On May 31, 2023, Progress published details of a critical remote code execution (RCE) 0-day vulnerability in MOVEit Transfer being exploited in-the-wild (CVE-2023-34362).
CVE-2023-34362 was assigned to this vulnerability on June 2, 2023, and according to the vendor exploitation has been observed since May 2023, though there have been reports of possible exploitation going back to March 2023 or even mid-2021. Users are urgently advised to patch to the fixed version, and stay up-to-date on the latest information about this ongoing issue.
### June 10 update:
On June 9, 2023, Progress published details of a second critical SQL injection vulnerability in MOVEit Transfer (CVE-2023-35036). An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result i
Greynoiseio
The First Day Of Tagsmas (2023): Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
blogs_greynoiseio·CVSS 9.8
[CRITICAL] The First Day Of Tagsmas (2023): Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
Zscaler
CISO Monthly Roundup, June 2023: ThreatLabz annual State of Ransomware report, understanding RedEnergy Stealer-as-a-Ransomware, investigating Bandit Stealer, exposing Mystic Stealer, and MOVEit vulner
blogs_zscaler
## CISO Monthly Roundup, June 2023: ThreatLabz annual State of Ransomware report, understanding RedEnergy Stealer-as-a-Ransomware, investigating Bandit Stealer, exposing Mystic Stealer, and MOVEit vulnerability guidance
Deepen Desai
Contributor
Zscaler
## Jul 7, 2023
The June CISO Monthly Roundup covers the latest ThreatLabz Ransomware Report findings, understanding RedEnergy, investigating Bandit and Mystic stealers, and more.
The CISO Monthly Roundup provides the latest threat research from Deepen Desai and the ThreatLabz team, along with insights on other cyber-related subjects. Over the past month, ThreatLabz released the 2023 State of Ransomware report, analyzed RedEnergy Stealer-as-a-Ransomware, investigated Bandit Stealer, examined Mystic Stealer, and offered MO
Crowdstrike
Discovering the MOVEit Transfer Vulnerability
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Discovering the MOVEit Transfer Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability
https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability