Progress Software is urging its MOVEit customers to apply patches for a critical SQL injection vulnerability, CVE-2023-35708, which could enable unauthorized access to the MOVEit Transfer database. The vulnerability affects multiple versions of MOVEit Transfer and was disclosed in a way that deviated from industry standards. Progress has responded swiftly to the release of proof-of-concept code and has already patched two other critical vulnerabilities in recent weeks. Over 100 organizations, including government agencies and prominent companies, have been impacted by attacks targeting MOVEit. Progress advises customers to apply the latest patches promptly and provides instructions on how to do so.
Read more: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/
