Patching Required! New Critical SQL Injection Vulnerabilities Found in MOVEit – Source: heimdalsecurity.com

Source: heimdalsecurity.com – Author: Livia Gyongyoși

Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable threat actors to exfiltrate information from customers’ databases. In addition, they impact all MOVEit Transfer versions.

An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content

Source

As a result, a new patch was released on June 9, 2023, and customers are urged to apply it as soon as possible.

All MOVEit Transfer customers must apply the new patch, released on June 9, 2023. The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited.

Source

Additionally, BleepingComputer recently published a list of MOVEit Transfer versions that have a patch available for the newly discovered flaws:

Source

How Were the New Vulnerabilities Discovered?

The recent discovery that the Clop ransomware gang was exploiting CVE-2023-34362 in data theft attacks led to a detailed code review. For the moment, there is no evidence that the newly revealed vulnerabilities are being exploited in the wild. According to Progress Software, by leveraging the new vulnerabilities, threat actors could submit a crafted payload to a MOVEit Transfer application endpoint. This could lead to the alteration and exposure of MOVEit database content.

Patches became available starting June 9th, and security specialists recommend that customers apply them.


Original Post URL: https://heimdalsecurity.com/blog/new-vulnerabilities-moveit/
