Heimdal
article featured image

Contents:

Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable threat actors to exfiltrate information from customers’ databases. In addition, they impact all MOVEit Transfer versions.

An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content

Source

As a result, a new patch was released on June 9, 2023, and customers are urged to apply it as soon as possible.

All MOVEit Transfer customers must apply the new patch, released on June 9, 2023. The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited.

Source

Additionally, BleepingComputer recently published a list of MOVEit Transfer versions that have a patch available for the newly discovered flaws:

Affected Version  Fixed Version (full installer)  Documentation 
MOVEit Transfer 2023.0.x (15.0.x) MOVEit Transfer 2023.0.2 MOVEit 2023 Upgrade Documentation
MOVEit Transfer 2022.1.x (14.1.x) MOVEit Transfer 2022.1.6 MOVEit 2022 Upgrade Documentation
MOVEit Transfer 2022.0.x (14.0.x) MOVEit Transfer 2022.0.5
MOVEit Transfer 2021.1.x (13.1.x) MOVEit Transfer 2021.1.5 MOVEit 2021 Upgrade Documentation
MOVEit Transfer 2021.0.x (13.0.x) MOVEit Transfer 2021.0.7
MOVEit Transfer 2020.1.x (12.1) Special Patch Available See KB Vulnerability (May 2023) Fix for MOVEit Transfer 2020.1 (12.1)
MOVEit Transfer 2020.0.x (12.0) or older MUST upgrade to a supported version See MOVEit Transfer Upgrade and Migration Guide

Source

How Were the New Vulnerabilities Discovered?

The recent discovery of the Clop ransomware gang exploiting the CVE-2023-34362 in data theft attacks lead to detailed code reviewing. For the moment, there is no evidence that the newly revealed vulnerabilities are being exploited in the wild. According to Progress Software, by leveraging the new vulnerabilities threat actors could submit a crafted payload to a MOVEit Transfer application endpoint. This could lead to altering and exposing the MOVEit database content.

Patches became available starting June 9th and security specialists recommend customers to apply them.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE