The company behind the MOVEit Transfer file transfer application patches patches to address SQL injection vulnerabilities.
Multiple SQL Injection vulnerabilities have been identified in the MOveit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVeeit Transfer database, the company said in an advisory released on June 9, 2023.
An attacker could submit a crafted payload to a MOVEIT Transfer application endpoint which could result in modification and disclosure of MOMoveit database content.
The flaws, which impact all versions of the service, have been addressed in MOVEIt Transfer versions 20210.0.7, 20221.5, 2022.1.6, 20222.2 (15.0), the company says.
It appears that the Clop threat actors were able to execute their attacks sequentially instead of in parallel.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply