CVE-2023-36934 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-36934?

CVE-2023-36934 is a critical SQL injection vulnerability in certain versions of Progress MOVEit Transfer software. An unauthenticated attacker can gain unauthorized access to the MOVEit Transfer database by submitting a crafted payload to an application endpoint, which could result in modification and disclosure of database content. Systems running vulnerable versions are at risk, making it essential to update to the latest secure version.

Who is impacted by CVE-2023-36934?

CVE-2023-36934 affects users of the MOVEit Transfer web application using versions before 2020.1.11 (12.1.11), between 2021.0.0 and 2021.0.8 (13.0.0 to 13.0.8), between 2021.1.0 and 2021.1.6 (13.1.0 to 13.1.6), between 2022.0.0 and 2022.0.6 (14.0.0 to 14.0.6), between 2022.1.0 and 2022.1.7 (14.1.0 to 14.1.7), and between 2023.0.0 and 2023.0.3 (15.0.0 to 15.0.3). This SQL injection vulnerability could allow unauthorized access to the MOVEit Transfer database, leading to potential modification and disclosure of its content.
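The affected ranges above can be checked against an asset inventory. The following is an added example, not code from Progress or from this page's authors: it assumes the upper bound of each listed range is inclusive, infers the release-year to internal-major mapping (2020 to 12 through 2023 to 15) from the version pairs quoted above, ignores an optional fourth build component, and uses a constructed inventory with made-up hostnames.

```python
import re

# Highest affected patch level per internal (major, minor) branch, as listed
# on this page; upper bounds are treated as inclusive (assumption).
AFFECTED_MAX_PATCH = {
    (13, 0): 8,  # 2021.0.0 to 2021.0.8
    (13, 1): 6,  # 2021.1.0 to 2021.1.6
    (14, 0): 6,  # 2022.0.0 to 2022.0.6
    (14, 1): 7,  # 2022.1.0 to 2022.1.7
    (15, 0): 3,  # 2023.0.0 to 2023.0.3
}
FIRST_FIXED_LEGACY = (12, 1, 11)  # everything before 2020.1.11 (12.1.11) is affected

def normalize(version: str) -> tuple:
    """Parse 'YYYY.m.p' or 'NN.m.p' into an internal (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", version)
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 2000:
        major -= 2008  # inferred from the page's pairs: 2020 -> 12 ... 2023 -> 15
    return major, minor, patch

def is_affected(version: str) -> bool:
    """True if the version falls inside a range this page lists as affected."""
    v = normalize(version)
    if v < FIRST_FIXED_LEGACY:
        return True
    max_patch = AFFECTED_MAX_PATCH.get(v[:2])
    return max_patch is not None and v[2] <= max_patch

def triage(inventory: dict) -> dict:
    """Map host -> 'affected' / 'not affected' / 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unparsed"  # needs manual review, never assume safe
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"mft-01": "2023.0.3", "mft-02": "15.0.4", "mft-03": "12.1.10",
          "mft-04": "2022.1.8", "mft-05": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of "not affected" only means the version lies outside the ranges listed here for CVE-2023-36934; hosts reported as "unparsed" should be checked by hand.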

What to do if CVE-2023-36934 affected you

If you're affected by the CVE-2023-36934 vulnerability, it's crucial to take immediate action to secure your system. Follow these simple steps:

  1. Upgrade to a supported version of MOVEit Transfer.

  2. Stop all services and close the Config utility.

  3. Download and unzip the appropriate patch files.

  4. Follow the README.txt instructions to place files in the correct locations.

  5. Restart MOVEit services.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-36934 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is a critical SQL injection issue in the MOVEit Transfer software that could allow unauthorized access to the database. The vulnerability was published on July 5, 2023, and the required action is to apply the patch mentioned in the third-party advisory.

Weakness Enumeration

This vulnerability is classified under CWE-89, SQL injection, in the MOVEit Transfer software.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
