{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"MOVEit Transfer versions 2021.1.x ant\u00e9rieures \u00e0 2021.1.6 (13.1.6)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Transfer versions 2021.0.x ant\u00e9rieures \u00e0 2021.0.8 (13.0.8)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Cloud versions ant\u00e9rieures \u00e0 14.4.6.97 ou 14.0.5.45 (production)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Transfer versions ant\u00e9rieures \u00e0 2020.1.10 (12.1.10)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Transfer versions 2022.0.x ant\u00e9rieures \u00e0 2022.0.6 (14.0.6)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Transfer versions 2022.1.x ant\u00e9rieures \u00e0 2022.1.7 (14.1.7)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Transfer versions 2023.x ant\u00e9rieures \u00e0 2023.0.3 (15.0.3)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}},{"description":"MOVEit Cloud versions ant\u00e9rieures \u00e0 15.0.2.39 (test)","product":{"name":"MOVEit Transfer","vendor":{"name":"Progress","scada":false}}}],"affected_systems_content":"","closed_at":"2023-09-11","content":"## Solution\n\nSe r\u00e9f\u00e9rer au document PDF joint \u00e0 cette alerte.\n","cves":[{"name":"CVE-2023-34362","url":"https://www.cve.org/CVERecord?id=CVE-2023-34362"},{"name":"CVE-2023-35036","url":"https://www.cve.org/CVERecord?id=CVE-2023-35036"},{"name":"CVE-2023-35708","url":"https://www.cve.org/CVERecord?id=CVE-2023-35708"}],"links":[],"reference":"CERTFR-2023-ALE-005","revisions":[{"description":"Version initiale","revision_date":"2023-07-05T00:00:00.000000"},{"description":"Cl\u00f4ture de l'alerte. Cela ne signifie pas la fin d'une menace. Seule l'application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l'exploitation de la vuln\u00e9rabilit\u00e9 correspondante.","revision_date":"2023-09-11T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"La d\u00e9couverte d'une vuln\u00e9rabilit\u00e9 affectant le logiciel MOVEit Transfer\nde Progress Software, le 31 mai 2023, avait conduit le CERT-FR \u00e0 publier\ndes \u00e9l\u00e9ments d'information dans le bulletin d'actualit\u00e9\nCERTFR-2023-ACT-025.\n\nL'objet de cette alerte CERTFR-2023-ALE-005 est de faire le point sur\nl'exploitation de cette vuln\u00e9rabilit\u00e9 par le groupe cybercriminel CL0P\nainsi que de synth\u00e9tiser les mesures de rem\u00e9diation et de correction \u00e0\nappliquer par les utilisateurs du logiciel MOVEit Transfer.\n\n<a href=\"/uploads/CERTFR-2023-ALE-005.pdf\"\nstyle=\"display: block; text-align: center; padding: 5px 8px 5px 8px; background-color: #c4322c; width: 1200px; height: 32px; margin: 0 auto; color: #ffffff;\"\ndata-darkreader-inline-bgcolor=\"\"\ndata-darkreader-inline-color=\"\">T\u00e9l\u00e9charger le rapport : Exploitation\nd'une vuln\u00e9rabilit\u00e9 dans MOVEit Transfer par le groupe cybercriminel\nCL0P</a>\n","title":"Synth\u00e8se sur l'exploitation d'une vuln\u00e9rabilit\u00e9 dans MOVEit Transfer","vendor_advisories":[]}