CVE-2023-36933
published 2023-07-05

Priority: P3, 58
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 72.24% (99.4th percentile)

In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.

Affected

6 ranges
Vendor     Product          Version range          Fixed in
progress   moveit_transfer  < 2020.1.11            2020.1.11
progress   moveit_transfer  >= 2021.0 < 2021.0.9   2021.0.9
progress   moveit_transfer  >= 2021.1.0 < 2021.1.7 2021.1.7
progress   moveit_transfer  >= 2022.0.0 < 2022.0.7 2022.0.7
progress   moveit_transfer  >= 2022.1.0 < 2022.1.8 2022.1.8
progress   moveit_transfer  >= 2023.0.0 < 2023.0.4 2023.0.4

Detection & IOCs (extracted from sources)

  • CVE-2023-36933 affects Progress MOVEit Transfer versions before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4). The vulnerability allows an attacker to invoke a method causing an unhandled exception, terminating the application unexpectedly (DoS).
  • CVE-2023-36933 was patched alongside CVE-2023-36934 and CVE-2023-36932 in a July service pack by Progress, in the context of broader MOVEit Transfer exploitation activity by the Clop ransomware group.