CVE-2023-34362 added to CISA KEV: Progress MOVEit Transfer
Status: ✅ Confirmed exploited in the wild
Date added: 2023-06-02
Required action: Apply updates per vendor instructions.
Due date: 2023-06-23
Why this matters
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.