nvd-json-data-feeds/CVE-2023/CVE-2023-357xx/CVE-2023-35708.json

{
  "id": "CVE-2023-35708",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-06-16T04:15:14.203",
  "lastModified": "2023-06-16T14:15:09.110",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3)."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2023-06-16T06:00:34.503353+00:00 2023-06-16 06:00:37 +00:00			`{`
			`"id": "CVE-2023-35708",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2023-06-16T04:15:14.203",`
Auto-Update: 2023-06-16T16:00:33.473881+00:00 2023-06-16 16:00:36 +00:00			`"lastModified": "2023-06-16T14:15:09.110",`
Auto-Update: 2023-06-16T14:00:28.413640+00:00 2023-06-16 14:00:31 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2023-06-16T06:00:34.503353+00:00 2023-06-16 06:00:37 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
Auto-Update: 2023-06-16T16:00:33.473881+00:00 2023-06-16 16:00:36 +00:00			"value": "In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3)."
Auto-Update: 2023-06-16T06:00:34.503353+00:00 2023-06-16 06:00:37 +00:00			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`