CVE-2023-36932
published 2023-07-05

CVE-2023-36932: In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4)…

Priority: P2 (68)
CVSS 3.1: 8.1 (High), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 81.53% (99.6th percentile)
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Affected

6 ranges
Vendor     Product           Version range              Fixed in
progress   moveit_transfer   < 2020.1.11                2020.1.11
progress   moveit_transfer   >= 2021.0   < 2021.0.9     2021.0.9
progress   moveit_transfer   >= 2021.1.0 < 2021.1.7     2021.1.7
progress   moveit_transfer   >= 2022.0.0 < 2022.0.7     2022.0.7
progress   moveit_transfer   >= 2022.1.0 < 2022.1.8     2022.1.8
progress   moveit_transfer   >= 2023.0.0 < 2023.0.4     2023.0.4

Detection & IOCs (extracted from sources)

  • CVE-2023-36932 is an authenticated SQL injection vulnerability in MOVEit Transfer web application endpoints; monitor for crafted SQL payloads submitted to MOVEit Transfer application endpoints by authenticated users
  • Vulnerability affects MOVEit Transfer versions before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4); exploitation requires an authenticated session
  • CVE-2023-36932 was patched alongside CVE-2023-36934 and CVE-2023-36933 in a July service pack from Progress; it is distinct from the earlier critical unauthenticated SQLi CVE-2023-34362 exploited by Clop ransomware