New MOVEit Transfer Critical Vulnerability (CVE-2023-35036)

Dark Lab on Jun 13 2023
Shortly after the disclosure of the actively exploited zero-day vulnerability in Progress' MOVEit File Transfer software (CVE-2023-34362), Progress has released a security advisory for a new SQL injection vulnerability impacting MOVEit Transfer, CVE-2023-35036. Exploitation of CVE-2023-35036 could enable an unauthenticated attacker to gain unauthorised access to the MOVEit Transfer database.

Given the active exploitation of CVE-2023-34362 by Cl0p ransomware actors, we posit that Cl0p ransomware operators will quickly weaponise CVE-2023-35036 to expand their targeting. Customers using MOVEit's products are strongly advised to apply the latest patch to remediate susceptibility to the vulnerabilities.

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-Pending-Reserve-Status-June-9-2023