Severity
Medium
Analysis Summary
CVE-2023-36932 CVSS:5.4
Progress Software MOVEit Transfer is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements to the human.aspx script, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2023-36933 CVSS:5.3
Progress MOVEit Transfer is vulnerable to a denial of service, caused by an uncaught exception. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Data Manipulation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-36932
- CVE-2023-36933
Affected Vendors
MOVEit
Affected Products
- Progress MOVEit Transfer 12.1.10
- Progress MOVEit Transfer 13.0.8
- Progress MOVEit Transfer 13.1.6
- Progress MOVEit Transfer 14.0.6
- Progress MOVEit Transfer 14.1.7
- Progress MOVEit Transfer 15.0.3
Remediation
Refer to the Progress Community website for patch, upgrade or suggested workaround information.