CVE-2023-34362 is a critical SQL injection vulnerability identified in the MOVEit Transfer web application, a widely used managed file transfer solution. The vulnerability affects all versions prior to the patched releases 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), including older unsupported versions such as 2020.0 and 2019.x. The flaw allows an unauthenticated attacker to send crafted HTTP or HTTPS requests that exploit improper input sanitization in SQL queries, enabling arbitrary SQL command execution against the backend database. Depending on the database engine in use—MySQL, Microsoft SQL Server, or Azure SQL—the attacker can enumerate database schema information, extract sensitive data, and perform destructive operations such as data modification or deletion. The vulnerability does not require any authentication or user interaction, significantly increasing its exploitability. It has been actively exploited in the wild during May and June 2023, indicating that threat actors are leveraging this flaw to compromise MOVEit Transfer deployments. The CVSS v3.1 base score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of remote exploitation. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). No official patch links were provided in the source, but the vendor has released updates addressing this issue in the specified versions. Organizations relying on MOVEit Transfer for secure file transfer are at risk of data breaches, operational disruption, and potential regulatory non-compliance if exploited.

For European organizations, the impact of CVE-2023-34362 is severe. MOVEit Transfer is commonly used in sectors requiring secure file transfers, such as finance, healthcare, government, and critical infrastructure. Exploitation could lead to unauthorized disclosure of sensitive personal data, intellectual property, and confidential business information, resulting in significant reputational damage and regulatory penalties under GDPR. The ability to alter or delete database contents can disrupt business operations, cause data loss, and impair service availability. Given the vulnerability allows unauthenticated remote exploitation, attackers can compromise systems without insider access, increasing the threat landscape. The active exploitation in the wild suggests that European entities are likely targets, especially those with high-value data or strategic importance. Additionally, the breach of MOVEit Transfer systems could serve as a foothold for further lateral movement and escalation within corporate networks, amplifying the overall risk.

1. Immediate application of vendor-provided patches for MOVEit Transfer to versions 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, or 2023.0.1 or later is critical. 2. If patching is not immediately possible, restrict external access to MOVEit Transfer web interfaces via firewall rules or VPN to limit exposure. 3. Implement web application firewalls (WAF) with custom rules to detect and block SQL injection patterns targeting MOVEit Transfer endpoints. 4. Conduct thorough monitoring and logging of database queries and web application logs to detect anomalous activities indicative of exploitation attempts. 5. Perform regular database backups and verify their integrity to enable recovery in case of data tampering or deletion. 6. Review and harden database permissions to minimize the impact of a successful SQL injection attack. 7. Educate security teams about this specific vulnerability and ensure incident response plans include steps for handling MOVEit Transfer compromises. 8. Engage with MOVEit Transfer vendor support for guidance and confirm that all instances, including legacy and unsupported versions, are accounted for in remediation efforts.