CISA Warns of Three New, Now-Patched Vulnerabilities in MOVEit Transfer
Bangladesh gov't site exposed data on 50m citizens, Hackers demand $100k from Razer, Hackers stole $20m from Revolut bank, Ashley Madison suspect committed suicide one year before data published, more
The Cybersecurity and Infrastructure Security Agency reported that Progress Software, the company behind MOVEit Transfer, released a new package of patches to resolve the three bugs, labeled CVE-2023-36932, CVE-2023-36933, and CVE-2023-36934.
“A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements,” CISA warned.
The advisory from Progress Software said CVE-2023-36934, discovered by Guy Lederfein from Trend Micro’s Zero Day Initiative, is a critical-severity SQL injection vulnerability that could allow an attacker to access or modify MOVEit database content.
The other two vulnerabilities discovered are high severity and could result in e…