MOVEit (CVE-2023-34362)

MOVEit Transfer is the SQL-injection-leading-to-RCE that Clop ransomware turned into one of 2023's largest data-theft campaigns, affecting thousands of organisations.

Definition

CVE-2023-34362 is an SQL injection in Progress MOVEit Transfer that escalates to remote code execution via the application's stored procedures. The Clop ransomware operation weaponised the bug within days of its discovery in May 2023 and ran a coordinated mass-exfiltration campaign against MOVEit deployments worldwide. The campaign affected thousands of organisations — including BBC, British Airways, multiple U.S. federal agencies, and many universities.

Mitigation

Apply Progress's emergency patches. Audit logs for indicators of compromise (`human2.aspx`, attacker-staged webshells).

See also

References