ShiftDelete.net
BİZİ TAKİP EDİN

MOVEit transfer exposes critical SQL Injection flaws: Update now!

New critical SQL injection vulnerabilities found in the MOVEit Transfer application could expose sensitive data. Here are the details...

MOVEit transfer exposes critical SQL Injection flaws: Update now!

Public companies using the MOVEit Transfer application, a file transfer solution by Progress Software, are on high alert after the discovery of new SQL injection vulnerabilities. These vulnerabilities could provide an entry point for unauthorised access to sensitive information, highlighting a serious security concern.

SQL Injection Vulnerabilities

The company issued an advisory on June 9, 2023, stating that “Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could enable an unauthenticated attacker to manipulate and expose MOVEit database content through a crafted payload submission.”

Every version of the service is susceptible to these vulnerabilities. However, patches have been released for MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). MOVEit Cloud instances are now completely patched.

The cybersecurity company Huntress is credited with identifying these vulnerabilities during a code review. Progress Software assures that, to their knowledge, there have been no exploitations of these new flaws so far.

Previous MOVEit Transfer Vulnerability Exploitation

A MOVEit Transfer vulnerability, identified as CVE-2023-34362, had previously seen severe exploitation, allowing attackers to drop web shells on targeted systems. The Cl0p ransomware gang, notorious for data theft campaigns and exploiting zero-day bugs, has been linked to these activities.

Extortion Threats

The Cl0p group has also been issuing threats to companies affected by these vulnerabilities, warning that if they do not establish contact by June 14, 2023, their stolen information will be publicly disclosed on the data leak site.

The vulnerability exploitation in MOVEit Transfer software should be a wake-up call for all enterprises to ensure their systems are updated regularly to counter such threats. The significance of these events calls for improved cyber security measures, as a breach could lead to devastating results.

We invite our esteemed readers to share their thoughts on this critical issue. What are your views on this matter? Please share your thoughts in the comment section below!

SDN Yorumları 0 Yorum

Yorum Yap

İlgili Haberler

The image of OPPO Reno 13 has emerged!
The image of OPPO Reno 13 has emerged!
Xiaomi’s new price performance model has emerged!
Xiaomi’s new price performance model has emerged!
Xiaomi announced: Here are the models that will receive the HyperOS 2 update!
Xiaomi announced: Here are the models that will receive the HyperOS 2 update!
Tesla’s autonomous taxi Cybercab is coming to Europe!
Tesla’s autonomous taxi Cybercab is coming to Europe!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net, İnternet Medyası ve Bilişim Muhabirleri Derneği üyesidir.

Desteklio