CVE-2023-36934

Vulnerability updated 2 months ago (2024-11-29T14:36:13.444Z)

Download STIX

Preview STIX

CVE-2023-36934 is a critical vulnerability that was identified in MOVEit Transfer's web application. This flaw in software design or implementation was published on July 5th, and it allowed for unauthenticated access to the database by submitting a payload to an application endpoint. This security bug is distinct from previous vulnerabilities and has enabled attackers to view or modify content within the database. Progress Software disclosed this SQL injection vulnerability and released a Service Pack to address it along with two other vulnerabilities (CVE-2023-36932, CVE-2023-36933) on July 6th. The patch successfully fixed these vulnerabilities, including the critical CVE-2023-36934. These remedial actions were undertaken promptly to protect users from potential exploitation of these flaws. It is crucial to note that CVE-2023-36934 is distinct from the former zero-day flaw that had been exploited with significant success by the Cl0p ransomware gang. This highlights the importance of regular updates and patches to guard against such vulnerabilities. Users are strongly advised to keep their software up-to-date to prevent potential security breaches.

Description last updated: 2024-05-04T16:32:27.169Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Moveit

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the CVE-2023-36934 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Progress Software discloses 2 new CVEs in MOVEit
CERT-EU	2 years ago	MOVEit victim count closes in on 400 orgs, 20M+ individuals
CERT-EU	2 years ago	MOVEit Vulnerability: Three VerSprite Experts Weigh In
CERT-EU	2 years ago	Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites
BankInfoSecurity	2 years ago	Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites
CERT-EU	2 years ago	The attack via Progress MOVEit Transfer
Malwarebytes	2 years ago	MOVEit Transfer fixes three new vulnerabilities
Checkpoint	2 years ago	10th July – Threat Intelligence Report - Check Point Research
CERT-EU	2 years ago	More MOVEit vulnerabilities disclosed, patched
CERT-EU	2 years ago	New MOVEit Transfer vulnerabilities include critical bug
CERT-EU	2 years ago	Another Unauthenticated SQLi Flaw Patched in MOVEit Transfer Software
BankInfoSecurity	2 years ago	Latest MOVEit Bug Is Another Critical SQL Injection Flaw
CERT-EU	2 years ago	Progress Software flags three new vulnerabilities in MOVEit Transfer
CERT-EU	2 years ago	After Zero-Day Attacks, MOVEit Turns to Security Service Packs
Securityaffairs	2 years ago	Progress warns customers of a new critical flaw in MOVEit Transfer
CERT-EU	2 years ago	MOVEit Transfer Faces Another Critical Data-Theft Bug
CERT-EU	2 years ago	Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities \| CISA
CERT-EU	2 years ago	Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software