CVE-2023-40043

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 20, 2023

Updated: Sep 22, 2023

CWE ID 89

Summary

CVE-2023-40043 is a SQL injection vulnerability affecting MOVEit Transfer versions prior to 2021.1.8, 2022.0.8, 2022.1.9, and 2023.0.6. This issue, present in the MOVEit Transfer web interface, allows a MOVEit system administrator to submit maliciously crafted input, potentially granting unauthorized access to the MOVEit Transfer database. The vulnerability could result in both modification and disclosure of sensitive MOVEit database content.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Progress MOVEit File Transfer

Affected Vendors

Ipswitch, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRJgsH
https://www.cve.org/CVERecord?id=CVE-2023-40043
https://nvd.nist.gov/vuln/detail/CVE-2023-40043

Back to Vulnerability Database