Progress.MOVEit.Transfer.human.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in Progress MOVEit.
The vulnerability is due to insufficient validation in the application when handling a crafted HTTP request. A remote attacker can exploit this by sending a crafted request that causes SQL commands to be executed on a vulnerable server.
Affected Products
Progress MOVEit Transfer before 2020.1.11 (12.1.11)
Progress MOVEit Transfer before 2021.0.9 (13.0.9)
Progress MOVEit Transfer before 2021.1.7 (13.1.7)
Progress MOVEit Transfer before 2022.0.7 (14.0.7)
Progress MOVEit Transfer before 2022.1.8 (14.1.8)
Progress MOVEit Transfer before 2023.0.4 (15.0.4)
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application.
Recommended Actions
Upgrade to the latest version available from the vendor.
https://www.progress.com/moveit
Coverage
IPS (Regular DB)
IPS (Extended DB)