Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies.
The new flaw, which is being tracked as CVE-2023-35708, also concerns an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”
The company is urging its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a fix is being prepared to address the weakness. The cloud managed file transfer solution has been fully patched.