Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tracked as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.
SQL injection vulnerabilities are a well-known and dangerous class of security flaw that lets attackers manipulate databases and run arbitrary code. Attackers can send specially crafted payloads to certain endpoints of the affected application, which can alter or expose sensitive data in the database.
The reason CVE-2023-36934 is so critical is that it can be exploited without being logged in. This means that even attackers without valid credentials could potentially exploit the vulnerability. However, as of now, there have been no reports of this particular vulnerability being actively exploited by attackers.
This discovery follows a series of recent cyberattacks that used a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop ransomware. Those attacks resulted in data theft and extortion of affected organizations.
This latest security update from Progress Software also addresses two other high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933.
CVE-2023-36932 is a SQL injection flaw that can be exploited by authenticated attackers to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to unexpectedly shut down the MOVEit Transfer application.
Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly reported these vulnerabilities to Progress Software.
These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and prior, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.
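The affected-version list above is the kind of thing a defender wants to check across an inventory rather than by eye. The following is an added example, not code from the article or from Progress Software: it encodes the listed branches and their highest affected patch level, treats anything at or below 12.1.10 as affected (an assumption about how "12.1.10 and prior" applies to older branches), and reports branches the list does not name as unknown rather than guessing.

```python
from typing import Tuple

# Affected MOVEit Transfer branches and the highest affected patch level,
# taken from the version list in the article (branch -> max affected patch).
AFFECTED_BRANCHES = {
    (12, 1): 10,
    (13, 0): 8,
    (13, 1): 6,
    (14, 0): 6,
    (14, 1): 7,
    (15, 0): 3,
}

# "12.1.10 and prior": assumption here is that this also covers older
# branches (e.g. 12.0.x), so anything at or below this tuple is affected.
OLDEST_LISTED = (12, 1, 10)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' into a tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str) -> str:
    """Return 'affected', 'not_affected' or 'unknown' for a MOVEit Transfer version."""
    major, minor, patch = parse_version(version)
    ceiling = AFFECTED_BRANCHES.get((major, minor))
    if ceiling is not None:
        # Listed branch: affected up to and including the ceiling patch level;
        # anything above it is beyond the listed affected range.
        return "affected" if patch <= ceiling else "not_affected"
    if (major, minor, patch) <= OLDEST_LISTED:
        return "affected"
    # A branch the article does not mention (e.g. a newer major release)
    # is not something this list can vouch for either way.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version reported by the host.
    inventory = {"mft-01": "14.1.7", "mft-02": "15.0.4",
                 "mft-03": "12.0.3", "mft-04": "16.0.0"}
    for host, ver in inventory.items():
        print(f"{host:8s} {ver:8s} {assess(ver)}")
```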
Progress Software has made the necessary updates available for all major MOVEit Transfer versions. Users are strongly advised to update to the latest version of MOVEit Transfer to reduce the risks posed by these vulnerabilities.