Progress is informing customers of a new critical SQL injection vulnerability, tracked as CVE-2023-36934, in its MOVEit Transfer software.
MOVEit Transfer software recently made the headlines due to the massive Clop ransomware hacking campaign exploiting a vulnerability in the product.
The flaw CVE-2023-36934 impacts software versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), the vulnerability was reported by Guy Lederfein of Trend Micro working through the Zero Day Initiative.
The company also addressed high-severity rating issues collectively tracked as CVE-2023-36932.
The flaws impacts In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4).