Rewterz Threat Advisory – CVE-2023-35935 – Node.js @fastify/oauth2 Vulnerability
July 6, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
July 6, 2023Rewterz Threat Advisory – CVE-2023-35935 – Node.js @fastify/oauth2 Vulnerability
July 6, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
July 6, 2023Severity
High
Analysis Summary
CVE-2023-36934
Progress Software MOVEit Transfer is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the human.aspx script, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-36934
Affected Vendors
MOVEit
Affected Products
- Progress MOVEit Transfer
Remediation
Upgrade to the latest version of git-commit-info, available from the node-git-commit-info GIT Repository.