CVE-2023-35708

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 16, 2023
Updated: Jun 20, 2023
CWE ID 89

Summary

CVE-2023-35708 is a newly identified SQL injection vulnerability affecting MOVEit Transfer versions before 2021.0.8, 2021.1.6, 2022.0.6, 2022.1.7, and 2023.0.3. An attacker can exploit this vulnerability by submitting a specially crafted payload to a MOVEit Transfer application endpoint. This could allow the attacker to gain unauthenticated access to the MOVEit Transfer database and modify or disclose its content. The affected versions have been patched in updates 2020.1.10, 2021.0.8, 2021.1.6, 2022.0.6, 2022.1.7, and 2023.0.3. System administrators are strongly advised to apply these patches as soon as possible to mitigate the risk of potential attacks.


Affected Products

  • Progress MOVEit File Transfer

Affected Vendors

  • Ipswitch, Inc.