CVE-2023-35708

Vulnerability updated a month ago (2024-11-29T13:58:36.275Z)
Download STIX
Preview STIX
CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the system. The discovery of this flaw marked the third such vulnerability found in the MOVEit application in less than a month, underlining the need for rigorous security measures and frequent updates. The vulnerability was disclosed on June 15, 2023, by Progress Software Company, the developers of MOVEit. In response to the disclosure, Fidelis Cybersecurity, a leading provider of advanced cybersecurity solutions, swiftly released updates to protect its customers from potential exploitation of the vulnerability. Progress Software also issued patches to fix the SQL injection vulnerability, urging all customers to promptly update their MOVEit Transfer installations. The aftermath of the CVE-2023-35708 disclosure saw the Cl0p hacker group listing victim organizations affected by the vulnerability. The exact impact and number of compromised organizations remain undisclosed. However, the swift response by cybersecurity firms and the patching efforts by Progress Software have mitigated further risks associated with this vulnerability. Future incidents underline the importance of regular software updates and robust cybersecurity practices.
Description last updated: 2024-05-04T17:11:32.103Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Moveit
Vulnerability
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clop Malware is associated with CVE-2023-35708. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
Source Document References
Information about the CVE-2023-35708 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
Naked Security
2 years ago
BankInfoSecurity
2 years ago
CERT-EU
2 years ago