QID 378633

Date Published: 2023-07-06

QID 378633: Progress MOVEit Transfer Multiple SQL Injection Vulnerabilities

CVE-2023-36932: In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.

CVE-2023-36934: In Progress MOVEit Transfer versions released before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.

Affected Versions:
Progress MOVEit Transfer versions prior to 2020.1.11 (12.1.11)
Progress MOVEit Transfer versions prior to 2021.0.9 (13.0.9)
Progress MOVEit Transfer versions prior to 2021.1.7 (13.1.7)
Progress MOVEit Transfer versions prior to 2022.0.7 (14.0.7)
Progress MOVEit Transfer versions prior to 2022.1.8 (14.1.8)
Progress MOVEit Transfer versions prior to 2023.0.4 (15.0.4)

QID Detection Logic: (Authenticated)
This QID checks the file version of MOVEit.DMZ.ClassLib.dll to identify vulnerable versions of the product MOVEit Transfer.

QID Detection Logic: (Unauthenticated)
This QID checks for a vulnerable version of MOVEit Transfer by sending an HTTP GET request to the '/moveitisapi/moveitisapi.dll?action=capa' endpoint and checking the X-MOVEitISAPI-Version response header.
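The two detection methods above both reduce to the same decision: take a dotted version string (from the X-MOVEitISAPI-Version header or from the file version of MOVEit.DMZ.ClassLib.dll), find its release branch, and compare it against the fixed build for that branch listed in the advisory. The following is an added example of that comparison written for this page; it is not Qualys detection code or Progress code. It assumes the version string is dotted-numeric (for example "15.0.3" or "14.1.7.0"), which is an assumption about the header and file-version format, and the sample HTTP response it parses is constructed for illustration.

```python
"""Version gating for the MOVEit Transfer fix levels named in the advisory.

Added example, not Qualys or Progress code. Assumption: the version string
obtained from the X-MOVEitISAPI-Version header or from the file version of
MOVEit.DMZ.ClassLib.dll is dotted-numeric, e.g. "15.0.3" or "14.1.7.0".
"""
from typing import Optional, Tuple

# Fixed builds per release branch (internal numbering), from the advisory text.
FIXED_VERSIONS = {
    (12, 1): (12, 1, 11),  # 2020.1.11
    (13, 0): (13, 0, 9),   # 2021.0.9
    (13, 1): (13, 1, 7),   # 2021.1.7
    (14, 0): (14, 0, 7),   # 2022.0.7
    (14, 1): (14, 1, 8),   # 2022.1.8
    (15, 0): (15, 0, 4),   # 2023.0.4
}

# Constructed sample response head for the unauthenticated check (not a real capture).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-MOVEitISAPI-Version: 14.0.6\r\n"
    "\r\n"
    "<html></html>"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "14.1.7.0" into (14, 1, 7, 0); reject anything that is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build is below the fixed build for its branch, False if at or
    above it, None if the branch is not one the advisory lists (treat as unknown,
    not as safe). Tuple comparison handles a trailing build field: (14,1,8,0) is
    not below (14,1,8), while (14,1,7,0) is."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def version_from_headers(raw_response: str) -> Optional[str]:
    """Pull X-MOVEitISAPI-Version out of a raw HTTP response head.
    Header names are matched case-insensitively; returns None when absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-moveitisapi-version":
            return value.strip()
    return None


def assess(raw_response: str) -> str:
    """Combine the two steps into a single verdict string for a response head."""
    version = version_from_headers(raw_response)
    if version is None:
        return "no version header; fall back to the MOVEit.DMZ.ClassLib.dll file version"
    verdict = is_vulnerable(version)
    if verdict is None:
        return f"version {version}: branch not covered by this advisory"
    return f"version {version}: {'vulnerable' if verdict else 'patched'}"


if __name__ == "__main__":
    print(assess(SAMPLE_RESPONSE))
```

If the capa endpoint does not return the header, the unauthenticated path yields no decision and the authenticated DLL file-version check is the remaining source of truth; a branch that is not in the table (for example a release older than 2020.1) is reported as unknown rather than as patched, since the advisory only states fix levels for the six branches above.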

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.

  • CVSS V3 rated as Critical - 9.1 severity.
  • CVSS V2 rated as Critical - 10 severity.
  • Solution
    Customers are advised to refer to Progress Article 000236387 for more information regarding the vulnerabilities and their related patches.

    CVEs related to QID 378633: CVE-2023-36932, CVE-2023-36934

    Software Advisories
    Advisory ID: 000236387
    Link: community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023