CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 23, 2023
Description
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
EPSS — Exploit Probability
Higher than 99.9% of all CVEs
Required Action
This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 and https://nvd.nist.gov/vuln/detail/CVE-2023-34362
Risk Assessment
CRITICAL
Details
- Severity: High
- EPSS: 94.3%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 0
Timeline
- Published: Jun 2, 2023
- Added to KEV: Jun 2, 2023
- Remediation Due: Jun 23, 2023