CVE-2023-34362

GPTKB entity

Statements (27)
Predicate Object
gptkbp:instanceOf cybersecurity vulnerability
gptkbp:affects gptkb:MOVEit_Transfer
gptkbp:exploits Cl0p ransomware group
gptkbp:hasAttackVector gptkb:network_protocol
gptkbp:hasAuthenticationRequired none
gptkbp:hasCVEID gptkb:CVE-2023-34362
gptkbp:hasCVSSScore 9.8
gptkbp:hasCWE gptkb:CWE-89
gptkbp:hasMitreDescription MOVEit Transfer SQL injection vulnerability allows unauthenticated attackers to gain access to the MOVEit Transfer database.
gptkbp:hasPatchAvailable true
gptkbp:hasPublicExploit true
gptkbp:hasSeverity critical
gptkbp:hasType SQL injection
gptkbp:hasVendorAdvisory https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.w3.org/2000/01/rdf-schema#label CVE-2023-34362
gptkbp:influencedBy data exfiltration
unauthorized access
gptkbp:isAssignedToVendor gptkb:Progress_Software
gptkbp:isExploitedInTheWild true
gptkbp:isPartOfCampaign Cl0p ransomware attacks
gptkbp:isPatched true
gptkbp:referencedIn https://www.progress.com/moveit
https://nvd.nist.gov/vuln/detail/CVE-2023-34362
https://www.cisa.gov/news-events/alerts/2023/06/02/critical-vulnerability-moveit-transfer-exploited
gptkbp:wasDisclosedOn 2023-05-31
gptkbp:bfsParent gptkb:MOVEit
gptkbp:bfsLayer 6