CVE-2023-36933: 
MOVEit Transfer vulnerability analysis and mitigation

CVE-2023-36933 is a high severity vulnerability affecting MOVEit Transfer software. The vulnerability was discovered and disclosed in July 2023, affecting multiple versions of MOVEit Transfer including versions before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4). The vulnerability allows an attacker to invoke a method that results in an unhandled exception (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. It is classified under CWE-755 (Improper Handling of Exceptional Conditions). The vulnerability specifically relates to the improper handling of exceptional conditions within the MOVEit Transfer application (NVD).

When exploited, this vulnerability can cause the MOVEit Transfer application to terminate unexpectedly, leading to a denial of service condition. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD).

Progress Software has released security patches for all affected versions of MOVEit Transfer. Users are advised to upgrade to the following patched versions: 2023.0.4 (15.0.4), 2022.1.8 (14.1.8), 2022.0.7 (14.0.7), 2021.1.7 (13.1.7), or 2021.0.9 (13.0.9) (Progress Advisory).