What is CVE-2023-35708?

CVE-2023-35708 is a vulnerability in N/a. Published 2023-06-16.

Is CVE-2023-35708 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow…

EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

KushGuptaRH/MOVEit-Response
curated-intel/MOVEit-Transfer
most-e/Capstone
nullvaluez/Windows11-Hardener
optiv/nvdsearch

References

www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-…
community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2…
www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability

Frequently asked questions

What is CVE-2023-35708?: CVE-2023-35708 is a vulnerability in N/a. Published 2023-06-16.
Is CVE-2023-35708 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.