Vulnerability Watch

Forum Discussion

snarang's avatar
snarang
Product Team
3 years ago

Second SQL Injection Discovered in MOVEit Transfer (CVE-Pendi

Second SQL Injection Discovered in MOVEit Transfer (CVE-Pending)

On June 9, Progress Software Corporation (“Progress Software”) published a new advisory to address a second SQL injection vulnerability in MOVEit Transfer, its file transfer solution. At the time this community post was published, no CVE was assigned, though Progress Software has said a CVE is pending assignment. Once a CVE is assigned, it will be referenced in our blog post below.

This new flaw was reportedly discovered as part of a security audit following the disclosure of CVE-2023-34362, which was disclosed on June 2.

Our existing blog for CVE-2023-34362 has been updated to include information about this new SQL injection vulnerability. Additionally, updated detection and version check plugin information can be found in our blog.

No RepliesBe the first to reply