Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to grab enterprise data, and Huntress researchers discovered CVE-2023-35036 after partnering with Progress to perform a code review of the web app. About CVE-2023-35708 CVE-2023-35708 is a vulnerability that could lead to escalated privileges and unauthorized access. … More
The post A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) appeared first on Help Net Security.