CVE-2023-34362 in MOVEit Transferinfo

Summary

by MITRE • 06/02/2023

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 10/21/2025

The CVE-2023-34362 vulnerability represents a critical SQL injection flaw in Progress MOVEit Transfer web applications that has been actively exploited in the wild during late 2023. This vulnerability affects multiple versions of the MOVEit Transfer platform including 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, and 2023.0.1, with the potential to impact all previous versions down to 2020.0 and earlier unsupported releases. The flaw stems from inadequate input validation within the web application's database interaction mechanisms, creating a pathway for unauthenticated attackers to directly interface with the underlying database systems. This vulnerability operates at the application layer and specifically targets the database abstraction layer where user inputs are processed without proper sanitization or parameterization, making it a classic example of CWE-89 SQL injection as defined in the Common Weakness Enumeration catalog. The exploitation occurs through standard HTTP or HTTPS protocols, allowing attackers to remotely access database structures and contents without requiring authentication credentials.

The technical exploitation of this vulnerability enables attackers to perform a wide range of malicious activities depending on the database engine in use, which could be MySQL, Microsoft SQL Server, or Azure SQL. Attackers can leverage this vulnerability to infer database schema information, extract sensitive data, modify existing records, or even delete critical database elements. The impact extends beyond simple data theft as the vulnerability allows for complete database manipulation capabilities, potentially leading to system compromise, data corruption, or complete service disruption. The vulnerability's exploitation capability aligns with ATT&CK technique T1190 for exploiting vulnerabilities in web applications, specifically targeting the database layer through SQL injection attacks. The fact that this vulnerability has been actively exploited in the wild demonstrates its severity and the immediate need for remediation across affected systems.

Organizations running affected versions of MOVEit Transfer face significant operational risks including potential data breaches, regulatory compliance violations, and system availability issues. The vulnerability's ability to affect older unsupported versions means that organizations with legacy systems may be particularly vulnerable, as these systems often lack proper security updates and monitoring capabilities. The attack surface is further expanded by the fact that exploitation requires no authentication, making it accessible to any attacker with network access to the vulnerable system. This vulnerability particularly impacts organizations that handle sensitive data through MOVEit Transfer, as the database access could expose personal information, financial records, or proprietary business data. The exploitation pattern indicates that attackers are actively targeting these systems, making prompt remediation essential to prevent unauthorized access and data compromise. Organizations should prioritize patching affected systems and implementing network monitoring to detect potential exploitation attempts, while also considering the broader implications for their data security posture and compliance requirements.

Reservation

06/02/2023

Disclosure

06/02/2023

Moderation

accepted

CPE

ready

EPSS

0.99934

KEV

yes

Activities

very low

Campaigns

2 (confirmed)

Sources

Do you need the next level of professionalism?

Upgrade your account now!