Advertisement
Top
image credit: Pxhere

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited

June 2, 2023

Via: The Hacker News
Category:

A critical flaw in Progress Software’s in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems.

The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment.

“An SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said.

Read More on The Hacker News

RELATED PUBLICATIONS

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
Microsoft squashes Windows bug exploited to inflict ransomware misery

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
FIN7 targeted a large U.S. carmaker with phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!