CVE-2023-35708

Vulnerability updated 4 months ago (2024-05-04T17:19:08.465Z)

Download STIX

Preview STIX

CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the system. The discovery of this flaw marked the third such vulnerability found in the MOVEit application in less than a month, underlining the need for rigorous security measures and frequent updates. The vulnerability was disclosed on June 15, 2023, by Progress Software Company, the developers of MOVEit. In response to the disclosure, Fidelis Cybersecurity, a leading provider of advanced cybersecurity solutions, swiftly released updates to protect its customers from potential exploitation of the vulnerability. Progress Software also issued patches to fix the SQL injection vulnerability, urging all customers to promptly update their MOVEit Transfer installations. The aftermath of the CVE-2023-35708 disclosure saw the Cl0p hacker group listing victim organizations affected by the vulnerability. The exact impact and number of compromised organizations remain undisclosed. However, the swift response by cybersecurity firms and the patching efforts by Progress Software have mitigated further risks associated with this vulnerability. Future incidents underline the importance of regular software updates and robust cybersecurity practices.

Description last updated: 2024-05-04T17:11:32.103Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Moveit

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Clop	Unspecified	2	Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole

Source Document References

Information about the CVE-2023-35708 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Unit42	7 months ago	Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
InfoSecurity-magazine	8 months ago	Daily Malicious Files Soar 3% in 2023, Kaspersky Finds
CERT-EU	9 months ago	Progress Software discloses 2 new CVEs in MOVEit
CERT-EU	9 months ago	Nova Scotia privacy commissioner investigating provincial MOVEit hack \| IT World Canada News
CERT-EU	10 months ago	Ransomware attacks set to break records in 2023 - Help Net Security
CERT-EU	10 months ago	Ransomware attacks set to break records in 2023 - Help Net Security
CERT-EU	a year ago	Update on MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 - Cyber Security Review
CERT-EU	a year ago	Ontario perinatal and child registry BORN breached
CERT-EU	a year ago	IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools
CERT-EU	a year ago	PC malware statistics, Q2 2022
CERT-EU	a year ago	MOVEit victim count closes in on 400 orgs, 20M+ individuals
CERT-EU	a year ago	The attack via Progress MOVEit Transfer
CERT-EU	a year ago	MOVEit Transfer Faces Another Critical Data-Theft Bug
CERT-EU	a year ago	How to Use FAIR Analysis to Quantify Risk from the MOVEit Vulnerability
CERT-EU	a year ago	Threat Response That Outpaces Cyberattacks
CERT-EU	a year ago	US State Department Puts $10M Bounty on Clop Ransomware Gang Responsible for the Ongoing MOVEit Zero-day Vulnerability Rampage
CERT-EU	a year ago	MOVEit Data Breach Victims Sue Progress Software
Naked Security	a year ago	S3 Ep140: So you think you know ransomware?
BankInfoSecurity	a year ago	MOVEit Data Breach Victims Sue Progress Software
CERT-EU	a year ago	Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency