CVE-2023-35036

GPTKB entity

Statements (23)
Predicate Object
gptkbp:instanceOf CVE Identifier
gptkbp:affects gptkb:MOVEit_Transfer
gptkbp:availabilityImpact High
gptkbp:complexity Low
gptkbp:confidentialityImpact High
gptkbp:cvssV3Score 9.8
gptkbp:describes MOVEit Transfer before 2021.0.6, 2022.0.6, and 2023.0.1 allows unauthenticated attackers to gain access to the application database via a crafted request.
gptkbp:exploits gptkb:SQL_Injection
gptkbp:hasCWE gptkb:CWE-288
https://www.w3.org/2000/01/rdf-schema#label CVE-2023-35036
gptkbp:integrityImpact High
gptkbp:interface nan
gptkbp:mainVendors gptkb:Progress_Software
gptkbp:patchedBy 2021.0.6
2022.0.6
2023.0.1
gptkbp:privileges nan
gptkbp:publicationDate 2023-06-09
gptkbp:referencedIn https://nvd.nist.gov/vuln/detail/CVE-2023-35036
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
gptkbp:vectorFor gptkb:network_protocol
gptkbp:bfsParent gptkb:MOVEit
gptkbp:bfsLayer 6