Vulnerability in N/a
CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an u…
EPSS: 0.943 (99.9th percentile)
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on 2023-06-02. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
- horizon3ai/CVE-2023-34362
- sfewer-r7/CVE-2023-34362
- Malwareman007/CVE-2023-34362
- kenbuckler/MOVEit-CVE-2023-34362
- errorfiathck/MOVEit-Exploit
- deepinstinct/MOVEit_CVE-2023-34362_IOCs
- toorandom/moveit-payload-decrypt-CVE-2023-34362
- KarmanyaT28/Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer
- tubaaiftikhar-ui/MOVEit-Transfer-Data-Breach-Analysis.
- khengar9274-web/moveit-transfer-2023-breach
Frequently asked questions
- What is CVE-2023-34362?
- CVE-2023-34362 is a vulnerability in N/a. Published 2023-06-02.
- Is CVE-2023-34362 known to be exploited?
- Yes. CVE-2023-34362 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-06-02), indicating it is being actively exploited. 69 public proof-of-concept repositories are indexed.