CVE-2023-36932
Published: 2023-07-05
Priority: P2 68 · high · CVSS 3.1: 8.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 81.53% (99.6th percentile)
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | moveit_transfer | < 2020.1.11 | 2020.1.11 |
| progress | moveit_transfer | >= 2021.0 < 2021.0.9 | 2021.0.9 |
| progress | moveit_transfer | >= 2021.1.0 < 2021.1.7 | 2021.1.7 |
| progress | moveit_transfer | >= 2022.0.0 < 2022.0.7 | 2022.0.7 |
| progress | moveit_transfer | >= 2022.1.0 < 2022.1.8 | 2022.1.8 |
| progress | moveit_transfer | >= 2023.0.0 < 2023.0.4 | 2023.0.4 |
Detection & IOCs (extracted from sources)
- CVE-2023-36932 is an authenticated SQL injection vulnerability in MOVEit Transfer web application endpoints; monitor for crafted SQL payloads submitted to MOVEit Transfer application endpoints by authenticated users
- Vulnerability affects MOVEit Transfer versions before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4); exploitation requires an authenticated session
- CVE-2023-36932 was patched alongside CVE-2023-36934 and CVE-2023-36933 in a July service pack from Progress; it is distinct from the earlier critical unauthenticated SQLi CVE-2023-34362 exploited by Clop ransomware
No detection rules found.
No public exploits indexed.
Trendmicro
2H 2023: More Active RaaS Groups and More Victims
blogs_trendmicro·2024-04-16·CVSS 9.8 [CRITICAL]
Ransomware
## 2H 2023: More Active RaaS Groups and More Victims
Our latest report on the state and trends of the ransomware landscape in the second half of 2023 shows that the LockBit, BlackCat and Clop groups were responsible for most of the attacks, with the highest number of victim organizations.
By: Shingo Matsugaya, Apr 16, 2024
Our detailed report is based on data from the leak sites of RaaS and extortion groups, Trend's open-source intelligence (OSINT) research, and Trend Research telemetry data collected from July 1 to December 31, 2023. Globally, an increase in active RaaS groups can be observed in parallel with growing victim counts. As early as 2022, LockBit and BlackCat were, through
Unit42
Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
blogs_unit42·2023-10-04·CVSS 9.8 [CRITICAL]
## Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)
Unit 42 · Published: October 4, 2023
Tags: High Profile Threats, Threat Research, Vulnerabilities, CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, CVE-2023-36934, MOVEit
Update October 4: We have added additional information using data gathered from Advanced Threat Prevention.
Update July 7: We cover the most recently disclosed vulnerabilities in MOVEit Transfer, as well as the July 2023 service pack.
## Executive Summary
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
Update: On June 9 and June 15, Progress Software alerted customers of additional SQL Injection vulnerabilities (also rated critical by Progress and got assigned CVE-2023-35036 and CVE-2023-35708, re