SQL injection vulnerability in MOVEit Transfer - CVE-2023-35708
ID: oval:org.secpod.oval:def:90513 | Date: (C)2023-06-20 (M)2023-11-10
Class: VULNERABILITY | Family: windows
The host is installed with MOVEit Transfer 2020.0.x before 2021.0.8 (13.0.8), 2021.1.x before 2021.1.6 (13.1.6), 2022.0.x before 2022.0.6 (14.0.6), 2022.1.x before 2022.1.7 (14.1.7), 2023.0.0 before 2023.0.3 (15.0.3), and is prone to a SQL injection vulnerability. A flaw is present in the application, which fails to properly handle issues in the database. Successful exploitation could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint, which could result in modification and disclosure of MOVEit database content.
Platform:
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022