On May 31, 2023, Progress Software, maker of MOVEit, reported a critical vulnerability in MOVEit Transfer. According to Progress Software’s website, a SQL injection vulnerability has been found in the MOVEit Transfer web applications that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
Additional information about the SQL injection vulnerability is available at https://nvd.nist.gov/vuln/detail/CVE-2023-34362
Progress Software has provided recommended mitigation steps, which can be found here: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
MicroBilt Response -
MicroBilt does not use MOVEit or any software from Progress Software and has not been affected by this vulnerability.
Customer / Vendor Response -
MicroBilt has sent a vendor vulnerability assessment questionnaire to all partners and vendors. Responses are being tracked in our vendor management system, and we continue to work with vendors and partners to collectively guard against and mitigate this CVE.
For any internet-facing systems identified with this vulnerability, forensic analysis of those systems is highly recommended to determine whether they have been compromised.