Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. [UPDATED] Critical Vulnerability in MOVEit Transfer Web Application
Alerts

[UPDATED] Critical Vulnerability in MOVEit Transfer Web Application

12 June 2023

Progress software has released security updates to address a critical vulnerability (CVE-2023-35036) in their MOVEit Transfer web application.

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated attacker to gain unauthorised access to the MOVEit Transfer database, potentially resulting in modification and disclosure of the MOVEit database content.

The vulnerability affects the following product versions:

  • MOVEit Transfer 2023.0.2 (15.0.2)

  • MOVEit Transfer 2022.1.6 (14.1.6)

  • MOVEit Transfer 2022.0.5 (14.0.5)

  • MOVEit Transfer 2021.1.5 (13.1.5)

  • MOVEit Transfer 2021.0.7 (13.0.7)

  • MOVEit Transfer 2020.1.6 (12.1.6)

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023


Back to top