CVE-2023-40043

CVSS 3.1 Score 7.2 of 10 (HIGH)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

UNCHANGED

Privileges Required

HIGH

Summary

CVE-2023-40043 is a SQL injection vulnerability affecting MOVEit Transfer versions prior to 2021.1.8, 2022.0.8, 2022.1.9, and 2023.0.6. This issue, present in the MOVEit Transfer web interface, allows a MOVEit system administrator to submit maliciously crafted input, potentially granting unauthorized access to the MOVEit Transfer database. The vulnerability could result in both modification and disclosure of sensitive MOVEit database content.

Details

Published: formatDate( 2023-09-20T17:15:11.240Z )
Updated: formatDate( 2023-09-22T18:32:28.627Z )
CWE ID: CWE-89

Affected Products

Progress MOVEit File Transfer

Affected Vendors

Ipswitch, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRJgsH
https://www.cve.org/CVERecord?id=CVE-2023-40043
https://nvd.nist.gov/vuln/detail/CVE-2023-40043