CVE-2021-31827

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2021.0 (13.0)

Description A SQL injection issue has been discovered in the MOVEit Transfer web application, potentially allowing an authenticated attacker to gain unauthorized access to the database. The attacker may be able to infer database structure and content information, and execute SQL statements to alter or destroy database elements, depending on the database engine used, such as MySQL, Microsoft SQL Server, or Azure SQL. The issue is located in MOVEit.DMZ.WebApp in SILHuman.vb.

Recommendations For versions prior to 2021.0 (13.0), update to version 2021.0 (13.0) or later to resolve the issue. As a temporary workaround, consider restricting access to the MOVEit Transfer web application to minimize the risk of exploitation.