PROGRESS MOVEit Transfer <15.0.4 Auth SQLi via endpoints: CVE-2023-36932 July 2023

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

Products Associated with CVE-2023-36932

Want to know whenever a new CVE is published for Progress Moveit Transfer? stack.watch will email you.

Exploit Probability

EPSS

17.88%

Percentile

95.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

PROGRESS MOVEit Transfer <15.0.4 Auth SQLi via endpointsCVE-2023-36932 Published on July 5, 2023

Products Associated with CVE-2023-36932

Exploit Probability

PROGRESS MOVEit Transfer <15.0.4 Auth SQLi via endpoints
CVE-2023-36932 Published on July 5, 2023